Best way for hashing a “remember me” cookie token

不思量自难忘° 2021-01-02 23:51

I'm trying to implement a "remember me" feature, following the guidelines provided here: The definitive guide to form-based website authentication, and h

1 answer
  • 2021-01-03 00:24

    Quoting The definitive guide to form-based website authentication:

    DO NOT STORE THE PERSISTENT LOGIN COOKIE (TOKEN) IN YOUR DATABASE, ONLY A HASH OF IT! The login token is Password Equivalent, so if an attacker got his hands on your database, he could use the tokens to log in to any account, just as if they were cleartext login-password combinations. Therefore, use strong salted hashing (bcrypt / phpass) when storing persistent login tokens.

    I agree with the first bold sentence, but not the last one.

    If I'm not mistaken, the purpose of a "strong salted hashing" algorithm is that someone should not be able to retrieve passwords given a rainbow table.

    But here, the hashed string is not a password but a random string. Therefore it's pretty unlikely that any rainbow table would be able to retrieve any originally hashed string. I even guess that I simply could use a basic hash('sha256', $randomString) call for this, the goal being to have different values for the token in the DB and in the cookie.

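The scheme the answer argues for, as an added example that is not code from the question or the answer: the cookie carries 256 bits of CSPRNG output, the database keeps only its SHA-256 digest, and verification hashes the presented token and looks the digest up. The in-memory TOKEN_DB table, the 30-day lifetime and the `now` parameter are assumptions made so the example runs offline; it also adds expiry, which the answer does not discuss.

```python
import hashlib
import secrets
import time

# Constructed stand-in for the persistent-login table: hex digest -> row.
# The raw token is never written here, only hash_token(token).
TOKEN_DB = {}

TOKEN_LIFETIME = 30 * 24 * 3600  # seconds; assumed 30-day "remember me" window


def hash_token(token: str) -> str:
    """Plain SHA-256 is adequate for this input.

    The token is random CSPRNG output, not a user-chosen password, so there
    is no low-entropy search space for a rainbow table or dictionary attack
    to exploit; slow salted hashing (bcrypt) buys nothing here.
    """
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def issue_token(user_id: int, now: float = None) -> str:
    """Mint a token for the cookie and store only its digest in TOKEN_DB."""
    now = time.time() if now is None else now
    token = secrets.token_hex(32)  # 32 random bytes = 256 bits, 64 hex chars
    TOKEN_DB[hash_token(token)] = {
        "user_id": user_id,
        "expires": now + TOKEN_LIFETIME,
    }
    return token  # goes into the Set-Cookie header, not into the database


def verify_token(token: str, now: float = None):
    """Return the user id for a valid, unexpired cookie token, else None.

    A leaked database row holds only the digest; presenting that digest
    as the cookie value hashes it again and misses, which is the whole
    point of hashing the stored copy.
    """
    now = time.time() if now is None else now
    digest = hash_token(token)
    row = TOKEN_DB.get(digest)
    if row is None:
        return None
    if row["expires"] < now:
        del TOKEN_DB[digest]  # drop stale rows instead of honouring them
        return None
    return row["user_id"]
```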