I am trying to generate a unique token for every user on my site. The token is generated when the user registers, and will ideally be as secure as possble. What is the best method of doing so to allow me to display the token to the user?
This token is NOT a password, and the user is not going to create it themselves. If I hash and salt it upon registration, I will not be able to retrieve it obviously, because it’s hashed and salted. I want a simple way to do so via PHP and be able to display it to the user easily.
Hashes are one-way so the only way to reverse a hash is to store the original value making the hash redundant.
If you only need to display the value once, then store the value into a variable, print it on the page, and don’t save it, that’s secure for you.
Another option is to just use database encryption to store the token, then decrypt before displaying to the user. Assuming you use MySQL you might find this helpul: MySQL Encryption