The key is appended, etc.; using the passphrase as-is as the binary key would be a poor way of doing it, as ASCII (or any easily typeable) key would have relatively little entropy: at worst, if everything is a-z, your 104-bit WEP has just become 61.1-bit WEP. Much better is to hash the passphrase to generate the key.
Yes, the key is appended. And some network devices do have some sort of "generate a key for me" utilities built into them. But we're talking about shared secret tools here. That key generation algorithm is not defined in the spec; therefore, each vendor's is proprietary, assuming it exists at all, and, more to the point, whatever 13-byte chunk that algorithm comes up with has to be typed in verbatim in all of your other devices, not the phrase you used to come up with it.
The fact of the matter, though, is that the whole encryption scheme is horribly broken and it doesn't make a lot of difference how random your key/seed is; it can be broken in a few minutes anyway.
Previous Topic
Index
