Increase the speed of your 802.11g card! All you need is some CAT5, aluminum foil, and a salad bowl! Go, go, gadget Sat Dish! Can anyone say McGuyver (or spell that guy's name, for that matter)?
So you probably already knew that WEP is trash. And if you didn't already know that little tidbit, you need to wake up and get into the year 2001 (or later). WEP was first compromised in 2001, and the attacks have improved several times since then. In 2001 it took approximately five million packets to crack a WEP key; in 2004 that number was down to 500,000. With the announcement of a recent new attack vector, that value has gone down to 85,000 packets and less than two minutes to crack a 104-bit WEP key.
The attack, created by Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann, students at Darmstadt University, is a completely new approach.
"From a theoretical point of view, our algorithm is based on the following ideas. Andreas Klein, a German researcher, showed that there is a correlation in RC4 between Keybytes 1 to i-1, the keystream and the keybyte i. If the keybytes 1 to i-1 and the keystream are known, it is possible to guess the next unknown keybyte with a probability of about 1.36/256 which is a little bit higher than 1/256. We were able to show that it is also possible to guess the sum of keybytes i to i+k with a probability of more than 1.24/256.
In a WEP environment, the first three bytes of a packet key are always known and are called IV. Our tool tries to guess the sum of the next 1, 2, 3, ... to 13 keybytes for every packet. If enough packets have been captured, the most guessed value for a sum is usually the right one. If not, the correct value is most times one of the most guessed ones."
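The single-byte correlation described in the quote can be measured directly. The following Python simulation is an added example, not code from the original post or from the researchers' tool; the function names, the random IVs and the random 104-bit root key are all constructed here. It only counts how often the guess for the first secret key byte is right, which shows the hit rate sitting above the 1/256 expected from an unbiased cipher.

```python
import random

N = 256
IV_LEN = 3    # public WEP IV, prepended to the secret root key
KEY_LEN = 16  # 3-byte IV + 13-byte (104-bit) root key

def ksa_steps(key, steps):
    """Run the first `steps` rounds of RC4 key scheduling; return (S, j)."""
    S, j = list(range(N)), 0
    for i in range(steps):
        j = (j + S[i] + key[i % len(key)]) % N
        S[i], S[j] = S[j], S[i]
    return S, j

def keystream(key, count):
    """Full RC4: complete key scheduling, then `count` keystream bytes."""
    S, _ = ksa_steps(key, N)
    i = j = 0
    out = []
    for _ in range(count):
        i = (i + 1) % N
        j = (j + S[i]) % N
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % N])
    return out

def klein_guess(iv, x):
    """Guess the per-packet key byte at index 3 (first root-key byte).

    Uses only public data: the IV and the first three keystream bytes x.
    Relation: K[i] = S_i^-1[i - X[i-1]] - (j_i + S_i[i])  (mod 256).
    """
    i = IV_LEN
    S, j = ksa_steps(iv, i)          # state after the three known key bytes
    target = (i - x[i - 1]) % N
    return (S.index(target) - j - S[i]) % N

def measure_bias(trials, seed=1):
    """Fraction of packets for which the guess equals the real key byte."""
    rng = random.Random(seed)
    root = [rng.randrange(N) for _ in range(KEY_LEN - IV_LEN)]  # constructed key
    hits = 0
    for _ in range(trials):
        iv = [rng.randrange(N) for _ in range(IV_LEN)]          # constructed IV
        x = keystream(iv + root, IV_LEN)
        hits += klein_guess(iv, x) == root[0]
    return hits / trials

if __name__ == "__main__":
    rate = measure_bias(60000)
    print(f"hit rate {rate:.5f}, i.e. {rate * N:.2f}/256 (uniform would be 1.00/256)")
```

The gap between the measured rate and 1/256 is small per packet, which is why the quote stresses collecting many packets before the most frequent guess becomes reliable.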
You can read the entire interview with the students at this link: Complete Interview
Additional news coverage is at this link: The Register Article
The entire paper released by the team can be found here: COMPLETE PAPER


