This post was written by Vladimir Kuzin on 15th Oct 2009. It is reposted here for quick reference.
Encrypting the URL parameter with RC4 didn’t completely meet the objective, since it was still possible for users to use sequential numbers. Take a look at the example of encrypted data below:
Notice that only the last digit of the encrypted data has changed, therefore substituting it with sequential numbers will cause an issue. To solve this I’ve added random prefix and suffix blocks to the data before encrypting. The prefix and suffix blocks consisted of random letters and were anywhere between 10 and 25 characters in length. Now the data looked like this:
I am sure there are different and possibly better solutions somewhere out there, but this one worked for my client and was implemented within a small project budget.
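The effect described above can be reproduced with the following added example, which is not the author's code. The key, the sample IDs and the `|` separator between the random blocks and the ID are assumptions made for illustration.

```python
import secrets
import string

KEY = b"constructed-demo-key"  # constructed sample key, not from the page

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # keystream generation, XORed into the data
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def encrypt_plain(record_id: int) -> str:
    """Original scheme: encrypt the bare ID under a fixed key."""
    return rc4(KEY, str(record_id).encode()).hex()

def random_letters() -> str:
    """Random block of 10 to 25 letters, as the post describes."""
    length = 10 + secrets.randbelow(16)
    return "".join(secrets.choice(string.ascii_letters) for _ in range(length))

def encrypt_padded(record_id: int) -> str:
    """Post's fix: random prefix and suffix around the ID before encrypting."""
    # The "|" separator is an assumption so the ID can be recovered.
    body = f"{random_letters()}|{record_id}|{random_letters()}"
    return rc4(KEY, body.encode()).hex()

def decrypt_padded(token: str):
    """Return the ID, or None if the token is malformed."""
    try:
        return int(rc4(KEY, bytes.fromhex(token)).decode().split("|")[1])
    except (ValueError, IndexError):
        return None

def differing_bytes(hex_a: str, hex_b: str) -> list:
    """Byte positions at which two equal-length hex tokens differ."""
    a, b = bytes.fromhex(hex_a), bytes.fromhex(hex_b)
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

if __name__ == "__main__":
    print(encrypt_plain(1001), encrypt_plain(1002))
    print(encrypt_padded(1001), encrypt_padded(1002))
```

The padding hides the sequential pattern but adds no integrity check to the token, so the server still has to authorize access to whatever ID it decodes.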