Requiescat in pace, you broken, broken standard: Let's call the time of death for WEP. Jim Thompson forwarded me this link that shows that an Aircrack--based on an Aug. 2004 set of code--can rely on just a few hundred thousand passively collected packets and crack a key in seconds. A few hundred thousand packets could be as little as two minutes of collection time on a busy 802.11g network. (Jim Geier ran the number on packets per second for 802.11a and 802.11g in this April article at Small Business Computing.)
Thus the death of WEP. Two to five minutes of collection. A few second most of the time to crack the key. Even keys changed every 10 minutes are thus susceptible to an attack that might allow several minutes of discrete information. Unique keys distributed by 802.1X to each machine on a network reduces the number of packets sent by individual computers, thus still offering a window of possibility of crack-free WEP use. But it's a thin margin.
The article describes using one tool to collect packets, estimating a yield, and then employing aircrack with manual intervention for determining ideal fudge factor for wild guessing. Combine yield averaging with automatic fudging and a sufficiently powerful laptop could break keys quite easily without any intrervention. Leave such a laptop running and it could gather a lot of data over a few hours even if the window of decryption is just minutes long for each key.
And that's just the beginning.
Even a casual home user now has something to fear as this is far simpler than previous attacks requiring far less expertise.
Time to say good bye to WEP forever.
As of December 2004 TiVO still forces wireless network users to select WEP, even if the adapters attached to the TiVO are WPA enabled and the access point supports WPA.
http://www.google.com/url?sa=U&start=1&q=http://www.tivocommunity.com/tivo-vb/showthread.php%3F%26goto%3Dlastpost%26threadid%3D201994&e=7634
I wonder how many home networks are now vulnerable, because TiVO is slow to update and stupidily cripples network security options for its customers who could otherwise use WPA.