The user obo has a patch in the Forum posted about the guessing.
After having aircrack continually fail on a certain (obviously ascii) key, I wrote a simple patch that has aircrack dump the corresponding ascii charaters for each byte. This makes guessing the password farily easy in the event of an all-letter password. It's especially useful in the event of single troublesome bytes, as the passphrase can be predicted. Heres an example:
./makeivs therm.ivs 74:68:65:72:6D:6F:64:79:6E:61:6D:69:63
The passphrase is “thermodynamic” .
cracking attempts at standard settings fail with the unpatched version. They also fail with the patched version, but guessing the word becomes pretty easy, especially if the last two bytes aren't bruteforced (-x options). The Strength threshold is disabled by default, but should probably be enabled with a sensible value.
Rem: This patch is included in 0.6
This thread in the forum is for the discussion