RE: [suse-security] which cipher for ssh2

Which cipher would be safest for ssh v2? I have to choose from AES 128-256, RC4, Twofish, 3DES, Blowfish?
Disclaimer note: This is all in some people's opinions. No liability is accepted whatsoever. And it's from the back of my head, so take it with a grain of salt.

First, a bit on *symmetric* key lengths, though. A cryptographer colleague of mine says that nowadays, keys of 80 or 90 bits length (I forget which of the two, it's less than 112 bits and that's the point) are considered practically unbreakable by brute-force methods. This is a statistical fact, because *on average* you need to test half of the keyspace to find the correct key. Of course, you can be lucky in one attempt and find the key at the first (or the first 10^x, x < e.g. 10) attempts, or be unlucky and have to search the entire keyspace, which amounts to never being able to find the key. It makes good sense to change symmetric keys regularly (SSH does this). However, as long as the cipher algorithm is sound, currently 112 bits and higher can be considered safe.

On a sidenote, it is also perfectly safe today to use 1024 bit RSA keypairs. 4096, 8192 or even more bits currently merely serve to induce a performance penalty. 2048 bits are OK, too.

* AES (aka Rijndael): Is fast and should be pretty secure, has undergone quite a bit of public verification in a good process (NIST AES challenge). Some people have reservations about its security because it uses a relatively new technique and IIRC doesn't use as many 'cycles' as they'd like.

* RC4: Don't know much about it. It's used extensively on the Web.

* Twofish: Schneier's AES candidate made it into the final round and can therefore be considered secure and fast. IIRC, it's slower than Rijndael, though, inducing more of a performance hit. Whether that matters in your case is a different matter. The choice between Twofish and Rijndael is probably more of a matter of personal taste.

* 3DES: The classic. Safe and well tested, but real slow.

* Blowfish: Fast. Should be secure, but probably hasn't been cryptanalysed as much as 3DES, Twofish and Rijndael, so there might be undiscovered problems. I wouldn't sweat that personally, though, and use Blowfish or Rijndael on old hardware.

Another note: All of the ciphers above are so hard to break that attackers typically won't bother with them. Instead, they'll attack the endpoints, i.e. SSH client and server. Remember the apache.org breakin. A legit user had a trojaned, password-sniffing SSH client, which transmitted the passwords to the attackers. The connection wasn't attacked, the endpoint was. The same as in Web attacks. Hackers currently don't often attack the connection, be it SSL-encrypted or not. They attack the servers, it's still so much easier.

Cheers
Tobias

Just to put the numbers into useful terms:

Assume you have one bad-ass computer. Assume it will do a trillion (1,000,000,000,000) keys/second (nice). Assume you have to search 50% of the keyspace on average.

80 bit key = on average 38,308 YEARS to break.

So you upgrade your computer, let's say it now does a trillion trillion keys/second (24 zeros). Assume you have to search 50% of the keyspace on average.

80 bit key = on average 1.2 seconds. EXCELLENT
90 bit key = on average 20.6 minutes. Not bad. So people upgrade to 90 bit keys.
112 bit key = 164 years.
160 bit key = 46,343,912,903,694,283 years.
1024 = 5700447535712569468953910422339626882350256782541560669502475937269554661513856010042759935388366819543382606540822975572640467047641318572198358404346591970375694235948296717285077993443876652697015567988489528438551201241199355703764368040995282761394929943067804992387977103 years

As you can see, unless NP=P, or barring some breakthrough in quantum computing, key lengths should stay well ahead of brute force key factoring for some time.

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/
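The brute-force timings in Kurt's post (and Tobias's point about symmetric key lengths) can be checked with the following added example; it is not code from either poster. It assumes a 365-day year and a full-keyspace search, which reproduces the 160-bit and 1024-bit figures exactly (the other figures in the post were rounded slightly differently); the 1024-bit row is only the exhaustive-search arithmetic, since for RSA the practical attack is factoring the modulus, not guessing the key.

```python
from fractions import Fraction

# Constructed assumptions for this example: a 365-day year, and a search that
# covers the whole keyspace (2**bits keys) unless a fraction is given.
SECONDS_PER_YEAR = 365 * 24 * 60 * 60


def search_seconds(key_bits: int, keys_per_second: int,
                   fraction: Fraction = Fraction(1)) -> Fraction:
    """Exact time in seconds to try `fraction` of a key_bits-bit keyspace."""
    return Fraction(2 ** key_bits) * fraction / keys_per_second


def search_years_floor(key_bits: int, keys_per_second: int) -> int:
    """Whole years for a full-keyspace search, in integer arithmetic so the
    1024-bit result keeps every digit instead of being rounded to a float."""
    return (2 ** key_bits // keys_per_second) // SECONDS_PER_YEAR


def humanize(seconds: Fraction) -> str:
    """Express a duration in the largest unit that gives a value >= 1."""
    units = [("years", SECONDS_PER_YEAR), ("days", 86400),
             ("hours", 3600), ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        value = seconds / size
        if value >= 1:
            return f"{float(value):.1f} {name}"
    return f"{float(seconds):.3g} seconds"


def brute_force_table(key_sizes, rates):
    """Return {(bits, rate): human-readable time} for every combination."""
    return {(bits, rate): humanize(search_seconds(bits, rate))
            for bits in key_sizes for rate in rates}


if __name__ == "__main__":
    table = brute_force_table([80, 90, 112, 128, 160, 256], [10 ** 12, 10 ** 24])
    for (bits, rate), text in table.items():
        print(f"{bits:4d}-bit key at 1e{len(str(rate)) - 1} keys/s: {text}")
    print("1024-bit exhaustive search at 1e24 keys/s, in whole years:")
    print(search_years_floor(1024, 10 ** 24))
```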
Participants (2)
- Kurt Seifried
- Reckhard, Tobias