From 
Attacks On RC4 and WEP
Fluhrer, Mantin and Shamir
Crptobytes Vol 5, Num 2.


For n bits, S is a permutation on numbers 0,...,N-1, N=2^n.

Typically, n=8, so S is an array of 256 bytes, the
state being some permutation of 0,...,255.

All addition is done mod N, except for the index of
the key array K.

Application to WEP:
n=8, key is K is 24 bit (3 bytes) IV and 40 bits (5 bytes) KEY:
  K = { IV[0], IV[1], IV[2], KEY[0], ... , KEY[4] } 


KSA(K)
// K is the key
Initialization:
  S := {0,1,...,N-1} // the identity permutation
  j := 0
Scrambling
  For i := 0,...,N-1
    j := j + S[i] + K[i%l] // key length is l n-bit "words"
    swap S[i], S[j]

PRGA(S)
// S is the current state
Initilaization:
  i := 0
  j := 0
Generation loop:
  i := i + 1
  j := j + S[i]
  swap S[i], S[j]
  t := S[i] + S[j]
  Output S[t]