The hash algorithm actually recreates your password from scratch every time you need it. The most common implementation I’ve found is where the software grabs the domain name of the site you are currently visiting. Then, it prompts you for your “super secret” password. What happens next is that the algorithm combines (hashes) these two things together, in real time, to come up with your site-specific password, which you then copy/paste into the form on the site you are currently visiting.

The algorithm runs locally (nothing transmitted over the network). As long as the inputs (domain name, super secret password and hash algorithm, in this case) are the same every time, the software will generate the same, site-specific password every time.

I hope that helps,
-Adam

How ’bout a play on the strategy that leverages a password plus information that is only on your person. For example, say that you keep the first half of each of your passwords in a Google Doc Spreadsheet, one row for each system that you require a password for. (e.g. Column A: JoeSchmoeThePlummer.com Column B: amazur Column C:blah) Then you keep another spreadsheet in your PDA with the 2nd half of the passwords: (e.g. Column A: JoeSchmoeThePlummer.com Column B:yada) Your password is basically ‘blahyada’.

Now don’t store your Google Doc credentials anywhere… you’ll have to remember those…

Then again, maybe Google will go belly up