German researchers can break 104-bit WEP with a minute or two of data: The probability of success with their approach ranges from 50 percent with 40,000 packets to 95 percent with 85,000 packets. They actively force a network to generate traffic, which allows them to harvest data at will. The calculations require 3 seconds on a slow Pentium M with 40,000 packets captured. 40-bit keys are even easier to break. They released a proof-of-concept tool. Their tests were on a mixed b/g network with a variety of chipsets in the gear they tested. They could extract 764 different packets a second.
I have heard before from security researchers that WEP could be broken much faster than current public estimates; this is another step towards what I believe some private organizations have available to them to break a WEP-protected network. The researchers note that their attacks are specific to WEP, but should work with dynamic WEP (802.1X with WEP keys), although each station gets a unique WEP key in that scenario that would increase the time to break.
The best you can say about WEP, along with MAC address restriction and closed networks, is that it's a "no trespassing" sign designed to alert people that your network isn't available for public use. Cracking a WEP key and then using a network would be a crime in many U.S. states and other jurisdictions.
The practical upshot is that anyone who has relied on WEP for even a shred of security, thinking that 15 to 30 minutes of active network data would need to be obtained (if they even knew that) should just give up any pretense. WEP was already dead. These researchers have dug it up, had a party with it as the guest of honor, and re-interred it even deeper.
You can download their very clearly written paper as a PDF. [link via Slashdot]