Wired Equivalent Privacy (WEP) is the protocol used in wireless network communications to encrypt data "on air". Without it, anyone could simply stand nearby with a sniffer and receive everything travelling through the air.
As wireless communications spread, WEP proved inadequate for securing sensitive data between access points in wireless LANs and larger wireless networks. The use of a VPN and other kinds of encryption such as DES is now considered a must for any level of security need. WEP was launched with the first models of wireless cards and access points in early '99. It can encrypt with keys of 64 up to 128 bits. Some researchers proved that the key length is not important, because flaws in the algorithm itself make it possible to crack a WEP key of any length. Moreover, stronger WEP keys lead to performance degradation while still not bringing a much higher security level.
The WEP algorithm is based upon a passphrase to generate the encryption. The lower level of WEP encryption uses a 40-bit (10 hex character) "secret key" (set by the user) and a 24-bit "Initialization Vector" (not under user control). Some vendors refer to this level of WEP as 40 bit, others as 64 bit. The higher level of WEP encryption, commonly referred to as 128-bit WEP, actually uses a 104-bit (26 hex character) "secret key" (set by the user) and a 24-bit "Initialization Vector" (not under user control).
Another important aspect to consider is that WEP only encrypts data between 802.11 stations. Once the frame enters the wired side of the network, such as between access points, WEP no longer applies.
For each frame sent, the sending station can randomly change the last 24 bits of the Initialization Vector. The generated "seed" is then fed into a pseudo-random number generator that produces a keystream equal in length to the frame's payload plus a 32-bit integrity check value (ICV), which the receiving station will recalculate and compare to the one sent by the sending station to determine whether the information is correct. The final encrypted data is produced by a bitwise XOR between the keystream and the ICV.
Decryption is performed by the receiving station using the first few bytes of the frame body, which contain the 24-bit initialization vector (obviously unencrypted). The shared key supplied by the user of the receiving station is also needed to decrypt the payload portion of the frame body and complete the decryption process.
Changing the 24-bit initialization vector frequently, so that frames always differ from one another, is fundamental for a better security level, as using the same IV for each transfer makes the job of WEP cracking tools and wireless hackers much easier. If a hacker collects enough frames based on the same 24-bit IV, determining the keystream or the shared secret key is an easy job. This of course leads to the wireless hacker / WEP cracker decrypting any of the transmitted frames. WEP keys are not exchanged by stations and are completely static, giving the WEP cracker all the time needed to carry the attack through.
In the end, WEP is the most widely used encryption system, above all in the wireless LAN context. It is the minimum security level one should have when dealing with a wireless connection. When sensitive data has to travel "on air", stronger security measures should be taken.
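The per-frame process described above can be followed in code. This is an added example, not code from the original page: it assumes the standard WEP building blocks (RC4 as the pseudo-random generator, seeded with IV || key, and CRC-32 as the ICV), and the key, IV and payloads are constructed sample values. It also shows why a repeated IV matters: two frames sent under the same IV share one keystream, which cancels out when the ciphertexts are XORed.

```python
import struct
import zlib

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4, the pseudo-random generator WEP uses; seed is IV || secret key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Return the IV (sent in clear) followed by the encrypted payload + ICV."""
    assert len(iv) == 3 and len(key) in (5, 13)   # 24-bit IV, 40/104-bit key
    data = payload + struct.pack("<I", zlib.crc32(payload))  # append 32-bit ICV
    return iv + xor(data, rc4_keystream(iv + key, len(data)))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Rebuild the keystream from the cleartext IV, decrypt, verify the ICV."""
    iv, body = frame[:3], frame[3:]
    data = xor(body, rc4_keystream(iv + key, len(body)))
    payload, icv = data[:-4], data[-4:]
    if struct.pack("<I", zlib.crc32(payload)) != icv:
        raise ValueError("ICV mismatch")
    return payload

def iv_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """With equal IVs the keystream cancels: plaintext_a XOR plaintext_b."""
    assert frame_a[:3] == frame_b[:3]
    return xor(frame_a[3:], frame_b[3:])

# Constructed sample values, not taken from any real network.
KEY = bytes.fromhex("0102030405")             # 40-bit key = 10 hex characters
IV = b"\x00\x00\x01"
A = wep_encrypt(KEY, IV, b"GET /index.html ")
B = wep_encrypt(KEY, IV, b"POST /login.php ")
```

The result of `iv_reuse_leak(A, B)` depends only on the two plaintexts, not on the secret key, which is why a static key combined with a 24-bit IV space gives so little protection.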