Couple of quick notes, welcome to the world of captcha design. Don't reinvent wheels, there's lots of material on the subject.
Also, your urlencoded string that you pass to the form processor is the same as used to generate the image. Try moving to a hash of a time sensitive shared secret, which will prevent your captcha from being reverse engineered.
This is the problem that the trencaspammer (sp?) captcha had a while back.
And realise that you've just prevented anyone who is blind or has poor eyesight from commenting on your blog.
Keep working on it, a variety of anti-spam solutions in the ecosystem is healthy.