now i'm confused. if they don't want the settings stored [in a cookie] (which is usually a choice made by those who want to be extra careful), then that means they want to enter the settings manually every time. this is contrary to what you said previously.
What I'm saying is this. If they are a newbie, and they have only used the basic options in their browser extension (i.e. they never activated the 'advanced options' mode), and then they need a password when they are away from their home computer (e.g. internet cafe or friend's house), so they use the website, they should be able to use the website without changing any options and have it produce the same password.
They can't choose what their hash algorithm is, because they have never heard of a hash algorithm. If the website defaults don't match the extension defaults then it won't work for them.
Now, if they do change some options on the web page (maybe they are an intermediate user), should those settings be stored in a cookie? I think the answer is no, because they are probably using a public terminal and that cookie would be a security leak.