WiFi Net News is saying R.I.P. W.E.P. after news of a new version of Aircrack was released that can break WEP in seconds after passively sniffing only a small number of packets. The result is that it takes only two to five minutes to crack a key.
Even keys changed every 10 minutes are thus susceptible to an attack that might allow several minutes of discrete information. Unique keys distributed by 802.1X to each machine on a network reduces the number of packets sent by individual computers, thus still offering a window of possibility of crack-free WEP use. But it’s a thin margin.
[…A] laptop could break keys quite easily without any intervention. Leave such a laptop running and it could gather a lot of data over a few hours even if the window of decryption is just minutes long for each key.
It’s also worth looking at the WiFi Net News 2004 Roundup of the site’s most popular stories. There was a lot of interest in wireless printing and WiFi signal finders, but the site notes that “seven of the top 10 stories were about security and three of those about WPA weaknesses.” Interesting.