Hi everybody, I am developing an image captcha system as a side project, something like hCaptcha/reCAPTCHA (image classification/object localization).
I have a few questions regarding the security of such a system.
Is it acceptable to use pseudo-random number generators for choosing labels (e.g. crosswalk, car in reCAPTCHA) or shuffling images?
Is it acceptable to send encrypted answers to the browser to remain stateless? Fernet encryption was suggested to me as a good baseline in another StackOverflow post. I could use a sticky session and generate an encryption key at the start of the process, and the key might not be stored anywhere other than RAM.
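
Added example, not part of the original post: a sketch of the design the question describes, using the OS CSPRNG for label choice and shuffling and a Fernet token (from the `cryptography` package) to carry the answer through the browser. The image set, `TTL_SECONDS`, the function names and the in-memory replay guard are assumptions for illustration; the guard is there because a purely stateless token can otherwise be resubmitted, or guessed against repeatedly, until it expires.

```python
import json
import secrets
import time

from cryptography.fernet import Fernet, InvalidToken

# Assumption: key created at process start and kept only in RAM (sticky session).
FERNET = Fernet(Fernet.generate_key())
RNG = secrets.SystemRandom()  # OS CSPRNG; random.choice/shuffle are predictable
TTL_SECONDS = 120             # hypothetical challenge lifetime
USED = {}                     # challenge id -> expiry time (replay guard)


def new_challenge(images):
    """images maps image id -> label. Returns (label, shuffled ids, token)."""
    label = RNG.choice(sorted(set(images.values())))
    ids = list(images)
    RNG.shuffle(ids)
    payload = {
        "cid": secrets.token_urlsafe(16),  # unique id, makes the token single-use
        "answer": sorted(i for i in ids if images[i] == label),
    }
    # Fernet encrypts and authenticates: the client can neither read nor alter it.
    token = FERNET.encrypt(json.dumps(payload).encode())
    return label, ids, token


def verify(token, selected):
    """True only for an untampered, unexpired, never-seen token with the right ids."""
    try:
        payload = json.loads(FERNET.decrypt(token, ttl=TTL_SECONDS))
    except InvalidToken:  # forged, modified, malformed or older than the TTL
        return False
    now = time.time()
    for cid in [c for c, exp in USED.items() if exp < now]:
        del USED[cid]     # forget ids whose tokens have expired anyway
    if payload["cid"] in USED:
        return False      # replay, or a second guess against the same token
    USED[payload["cid"]] = now + TTL_SECONDS  # consume on first attempt, right or wrong
    return sorted(selected) == payload["answer"]
```

The guard only needs to remember ids for one TTL, so it stays small, but it is per-process state: it relies on the same sticky session that holds the key.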