It is snake oil crypto. It is not safe for cryptographic use. I didn't see them claim that it can be used for cryptographic use on OP's page but they do claim it is a CSPRNG in the header in their js implementation: https://www.grc.com/js/uheprng.js
>This is GRC's cryptographically strong PRNG (pseudo-random number generator)
Don't use it for security or crypto. A CSPRNG should not allow the internal state to be determined from observing the output. The hash function Mash() they use is not one-way and this break can reverse it. It does not provide prediction resistance or backtracking resistance.
>This is GRC's cryptographically strong PRNG (pseudo-random number generator)
Don't use it for security or crypto. A CSPRNG should not allow the internal state to be determined from observing the output. The hash function Mash() they use is not one-way and this break can reverse it. It does not provide prediction resistance or backtracking resistance.