Beware that if you're using some of these libraries for sensitive data, let's say passwords, then there is probably no way to make sure a password is ever gone from memory. There is no guarantee that the passwords will not be swapped out to disk or transmitted by radio. There might be other problems as well. The algorithms themselves might be weak. Don't pick weak keys. Know what you're doing.
Your Scheme's implementation of
(srfi :27 random-bits) might be
too weak. It's common that it will be initialized from time alone, so
an attacker can easily guess your
random-source internal state
by trying a few timestamps and checking which one generates the data
you sent. These libraries try to use
/dev/urandom if it exists,
but if it doesn't they fall back on SRFI-27 and could reveal the
secret of your heart to the enemy. See RFC4086 for details on how
And remember what the license says about warranties. Don't come crying
to me if the enemy deciphers your secret messages and your whole
convoy blows up. These libraries have not been validated by the NIST
or the FDA and quite likely aren't allowed for government work.