Most of us have seen theses OTP/eToken devices around. They are cheap, plentiful, easily available on eBay, and actually somewhat useful. The theory of operation for these is relatively simple and well-understood. The two main varieties are time-based tokens and event-based tokens. Time-based tokens are usually the ones that always have the display on and generate a new passcode every minute or so. Event-based ones are the kind that generate a new passcode when the user presses a button, and after that go back to sleep. These are the ones that usually do not have their screen on at all times. The actual codes are usually generated by hashing a secret key and a counter together. The particular token displayed (Aladdin PASS) uses SHA1 and is event-based.