Bad idea. If you need real security, you cannot use JavaScript as it is totally placed on the client side, so it can be easily read and analyzed off-line. After that, one could design and implement an automated work-around solution based on the same data available to your script. In other words, the rough idea is that: looking at your script fully available to the client, one can create an anti-script for it and mimic a human operator to crack your "protection" against a robot.
Therefore, the right solution should be based on server-side code. Besides, in this case, graphic manipulations is way easier to implement and debug, because this is .NET. You can develop and debug the main engine using a desktop application, which is way faster and easier, and then move it to your Web application.
Your .NET solution on the server-side needs only one graphics library to accomplish this task:
System.Drawing
; please see:
http://msdn.microsoft.com/en-us/library/system.drawing.aspx[
^].
—SA