Nov 14

I consider myself a noob in cracking/hacking. With much to learn, I still have some basic knowledge of cryptography. WEP is a (still) popular protocol that most regular users rely on to secure their wireless network.
Here is some info I know about WEP.

A little about WEP (Wired Equivalent Privacy):
WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity. Standard 64-bit WEP uses a 40-bit key, to which a 24-bit initialisation vector (IV) is concatenated to form the RC4 traffic key. However, most manufacturers implemented an extended 128-bit WEP protocol using a 104-bit key size. A 128-bit WEP key is almost always entered by users as a string of 26 hex characters (0-9 and A-F). Each character represents 4 bits of the key: 4 * 26 = 104 bits. Adding the 24-bit IV gives the “128-bit WEP key”.

Flaw in WEP
Unfortunately, key size is not the major security limitation in WEP. Cracking a longer key does require more packets to be intercepted, but there are active attacks that stimulate the necessary traffic. There are other weaknesses in WEP that are not helped at all by a longer key.
Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of the IV, which is transmitted as plaintext, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related-key attack.
A passive attack can recover the RC4 key after eavesdropping on the network for a few hours. It is possible to perform the attack with a personal computer, off-the-shelf hardware and freely available software.
Two generic weaknesses of WEP have been reported:
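To put a number on "a 24-bit IV is not long enough", here is an added example (not part of the original post) that works the birthday problem for the WEP IV space and flags repeated IVs in a capture. The BSSIDs and IV values are constructed sample data, and the probability functions assume IVs are chosen uniformly at random.

```python
import math
from collections import Counter

IV_BITS = 24  # WEP prepends a 24-bit IV to the shared key to form the RC4 traffic key


def collision_probability(n_frames, iv_bits=IV_BITS):
    """Probability that at least two of n_frames random IVs are equal
    (birthday problem over a 2**iv_bits space), computed exactly via logs."""
    space = 1 << iv_bits
    if n_frames > space:
        return 1.0  # pigeonhole: more frames than IVs guarantees a repeat
    log_no_collision = 0.0
    for i in range(n_frames):
        log_no_collision += math.log1p(-i / space)  # P(frame i avoids all earlier IVs)
    return 1.0 - math.exp(log_no_collision)


def frames_until_collision(p_target, iv_bits=IV_BITS):
    """Smallest number of frames after which the chance of an IV repeat
    (and therefore a reused RC4 keystream) reaches p_target."""
    space = 1 << iv_bits
    no_collision = 1.0
    n = 0
    while 1.0 - no_collision < p_target:
        no_collision *= 1.0 - n / space
        n += 1
    return n


def find_reused_ivs(frames):
    """Flag IVs seen more than once under the same BSSID in a capture.
    frames: iterable of (bssid, iv) tuples; returns {(bssid, iv): count}."""
    counts = Counter(frames)
    return {key: c for key, c in counts.items() if c > 1}


# Constructed sample capture: (BSSID, IV) pairs, not taken from any real network.
SAMPLE_FRAMES = [
    ("00:11:22:33:44:55", 0x0001A3),
    ("00:11:22:33:44:55", 0x0001A4),
    ("00:11:22:33:44:55", 0x0001A3),  # same IV under the same key: keystream reused
    ("00:11:22:33:44:55", 0x7F0E12),
    ("66:77:88:99:AA:BB", 0x0001A3),  # same IV but a different BSSID, so not a reuse
]

if __name__ == "__main__":
    print(f"P(IV repeat after 4096 frames) = {collision_probability(4096):.3f}")
    print(f"frames for a 50% repeat chance = {frames_until_collision(0.5)}")
    print("reused IVs:", find_reused_ivs(SAMPLE_FRAMES))
```

Under the random-IV assumption a busy access point crosses the 50% mark after only a few thousand frames; real cards that start their IV counter at zero on every reset repeat even sooner.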
* the use of WEP was optional, resulting in many installations never even activating it, and
* WEP did not include a key management protocol, relying instead on a single shared key amongst users.
In 2005, a group from the U.S. FBI gave a demonstration where they cracked a WEP-protected network in 3 minutes using publicly available tools.

How to crack WEP in 3 minutes
A few months ago, two FBI agents demonstrated how they were able to crack a WEP-enabled access point within a couple of minutes, 3 minutes to be exact. This is unbelievable when compared to, say, 3 days of work. Here is how they did it, and how you can do it. You may need to know your way around each of these tools to get this done; you can ask Google for that. Anyway, if you are familiar with them, just do as follows:

1. Run Kismet to find your target network. Get the SSID and the channel.
2. Run Airodump and start capturing data.
3. With Aireplay, start replaying a packet on the target network. (You can find a ‘good packet’ by looking at the BSSID MAC on Kismet and comparing it to the captured packet’s BSSID MAC).
4. Watch as Airodump goes crazy with new IVs, thanks to Aireplay.
5. Stop Airodump when you have about 1,000 IVs.
6. Run Aircrack on the captured file.
7. You should see the WEP key in front of you now.

The software runs on Linux. And finally, I think you should always use a combination of 2 or more security features. As for what you need, get Aircrack (includes Airodump, Aireplay, Aircrack and the optional Airdecap for decrypting WEP/WPA capture files) and get Kismet.
Source is here