WEP theory

The first encryption scheme that we will discuss is Wired Equivalent Privacy (WEP), because it's the oldest one, and also the easiest one to break. WEP uses an algorithm called RC4; each packet is encrypted at the Access Point (AP), and then sent out into the air. Once the client receives it, the client is able to decrypt the packet and read the information inside it, since the client has the key. In short, the AP encrypts the packet and sends it, and the client receives and decrypts it. In the same way, when the client sends a packet, the client encrypts it and sends it out, and the AP receives it and decrypts it with the key.

Each packet that is sent out has a unique key stream. WEP ensures that the key stream is unique by using a 24-bit Initialization Vector (IV). The IV is a random number that is sent in each packet in plain text; it is not encrypted. If we read the packet, we will be able to read that part of it in plain text.

The problem with the IV is that it's very short (24 bits, which is not that long). In a busy network, a very large number of packets is sent, the possible random IVs are exhausted, and we end up with two packets that have the same IV. If this happens, we can employ aircrack-ng, which uses statistical attacks to determine key streams; it will be able to determine the WEP key.

From the preceding information, we know that the more IVs we collect, the more likely we are to successfully crack the WEP key. Our main goal, when we try to crack WEP, is to collect as many IVs as we can, because when we have a large number of IVs, we will end up with two packets that use the same IV, and aircrack-ng will be likely to determine the key stream and the WEP key for the target network. In the next part of this chapter, we will see how this actually works, and it should be easier to understand.
