diff --git a/shadowsocks/local.py b/shadowsocks/local.py
index 0731fc8..6896eeb 100755
--- a/shadowsocks/local.py
+++ b/shadowsocks/local.py
@@ -40,6 +40,8 @@ import select
 import SocketServer
 import struct
 import os
+import random
+import re
 import logging
 import getopt
 import encrypt
@@ -62,6 +64,24 @@ class ThreadingTCPServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
 
 
 class Socks5Server(SocketServer.StreamRequestHandler):
+    def getServer(self):
+        aPort = REMOTE_PORT
+        aServer = SERVER
+        if isinstance(REMOTE_PORT, list):
+            # support config like "server_port": [8081, 8082]
+            aPort = random.choice(REMOTE_PORT)
+        if isinstance(SERVER, list):
+            # support config like "server": ["123.123.123.1", "123.123.123.2"]
+            aServer = random.choice(SERVER)
+
+        r = re.match(r'^(.*)\:(\d+)$', aServer)
+        if r:
+            # support config like "server": "123.123.123.1:8381"
+            # or "server": ["123.123.123.1:8381", "123.123.123.2:8381", "123.123.123.2:8382"]
+            aServer = r.group(1)
+            aPort = int(r.group(2))
+        return (aServer, aPort)
+
     def handle_tcp(self, sock, remote):
         try:
             fdset = [sock, remote]
@@ -132,7 +152,8 @@ class Socks5Server(SocketServer.StreamRequestHandler):
                 reply += socket.inet_aton('0.0.0.0') + struct.pack(">H", 2222)
                 self.wfile.write(reply)
                 # reply immediately
-                remote = socket.create_connection((SERVER, REMOTE_PORT))
+                aServer, aPort = self.getServer()
+                remote = socket.create_connection((aServer, aPort))
                 self.send_encrypt(remote, addr_to_send)
                 logging.info('connecting %s:%d' % (addr, port[0]))
             except socket.error, e:
@@ -144,8 +165,8 @@ class Socks5Server(SocketServer.StreamRequestHandler):
 
 
 def main():
-    global SERVER, REMOTE_PORT, PORT, KEY, METHOD, LOCAL, IPv6
-    
+    global SERVER, REMOTE_PORT, KEY, METHOD
+
     logging.basicConfig(level=logging.DEBUG,
                         format='%(asctime)s %(levelname)-8s %(message)s',
                         datefmt='%Y-%m-%d %H:%M:%S', filemode='a+')
@@ -167,7 +188,7 @@ def main():
     METHOD = None
     LOCAL = ''
     IPv6 = False
-    
+
     config_path = utils.find_config()
     optlist, args = getopt.getopt(sys.argv[1:], 's:b:p:k:l:m:c:6')
     for key, value in optlist:
@@ -209,7 +230,7 @@ def main():
         sys.exit('config not specified, please read https://github.com/clowwindy/shadowsocks')
 
     utils.check_config(config)
-        
+
     encrypt.init_table(KEY, METHOD)
 
     try:
@@ -223,6 +244,6 @@ def main():
     except KeyboardInterrupt:
         server.shutdown()
         sys.exit(0)
-        
+
 if __name__ == '__main__':
     main()
diff --git a/shadowsocks/server.py b/shadowsocks/server.py
index c272bb8..f08f841 100755
--- a/shadowsocks/server.py
+++ b/shadowsocks/server.py
@@ -37,6 +37,7 @@ except ImportError:
 
 import socket
 import select
+import threading
 import SocketServer
 import struct
 import os
@@ -94,7 +95,7 @@ class Socks5Server(SocketServer.StreamRequestHandler):
 
     def handle(self):
         try:
-            self.encryptor = encrypt.Encryptor(KEY, METHOD)
+            self.encryptor = encrypt.Encryptor(self.server.key, self.server.method)
             sock = self.connection
             iv_len = self.encryptor.iv_len()
             if iv_len:
@@ -125,12 +126,11 @@ class Socks5Server(SocketServer.StreamRequestHandler):
             logging.warn(e)
 
 def main():
-    global SERVER, PORT, KEY, METHOD, IPv6
- 
     logging.basicConfig(level=logging.DEBUG,
                         format='%(asctime)s %(levelname)-8s %(message)s',
                         datefmt='%Y-%m-%d %H:%M:%S', filemode='a+')
-   
+
+
     version = ''
     try:
         import pkg_resources
@@ -142,7 +142,7 @@ def main():
     KEY = None
     METHOD = None
     IPv6 = False
- 
+
     config_path = utils.find_config()
     optlist, args = getopt.getopt(sys.argv[1:], 's:p:k:m:c:6')
     for key, value in optlist:
@@ -173,21 +173,32 @@ def main():
     PORT = config['server_port']
     KEY = config['password']
     METHOD = config.get('method', None)
+    PORTPASSWORD = config.get('port_password', None)
+    TIMEOUT = config.get('timeout', 600)
 
     if not KEY and not config_path:
         sys.exit('config not specified, please read https://github.com/clowwindy/shadowsocks')
 
     utils.check_config(config)
 
+    if PORTPASSWORD:
+        if PORT or KEY:
+            logging.warn('warning: port_password should not be used with server_port and password. server_port and password will be ignored')
+    else:
+        PORTPASSWORD = {}
+        PORTPASSWORD[str(PORT)] = KEY
+
     encrypt.init_table(KEY, METHOD)
     if IPv6:
         ThreadingTCPServer.address_family = socket.AF_INET6
-    try:
-        server = ThreadingTCPServer((SERVER, PORT), Socks5Server)
+    for port, key in PORTPASSWORD.items():
+        server = ThreadingTCPServer((SERVER, int(port)), Socks5Server)
+        server.key, server.method, server.timeout = key, METHOD, int(TIMEOUT)
         logging.info("starting server at %s:%d" % tuple(server.server_address[:2]))
-        server.serve_forever()
-    except socket.error, e:
-        logging.error(e)
+        threading.Thread(target=server.serve_forever).start()
 
 if __name__ == '__main__':
-    main()
+    try:
+        main()
+    except socket.error, e:
+        logging.error(e)