by zinekeller
1227 days ago
Someone has claimed that this is broken: https://github.com/Sc00bz/break-uheprng The first criticism, while valid, is an anachronism, as there wasn't Web Crypto when this RNG was written. The other criticisms are fully valid though and should at least make everyone do a double take on whether this is fine for their needs or not.
> This is GRC's cryptographically strong PRNG (pseudo-random number generator)
Don't use it for security or crypto. A CSPRNG should not allow the internal state to be determined from observing the output. The hash function Mash() they use is not one-way and this break can reverse it. It does not provide prediction resistance or backtracking resistance.