
I have users for which I use a SHA-1 hash as an API key. These are urandom fed into SHA-1 so you can assume they're fully random. There is no username sent along with the API key. I don't want to store the API keys in plaintext, in case my server is compromised, but I can't use a salt because the username is the password here. SHA-1 hashes are 20 bytes; that's 2^160 possibilities.

In normal password authentication schemes you may have a user, Frank. Frank logs in with his username and password. With the username it is possible to look up Frank's salt and hash in the database.

I can't store a salt because I don't know what row the SHA-1 hash corresponds to. I can only hash it and see if it matches something. If I randomly store a salt alongside the hash, how will I know which salt belongs to which plaintext API key?

scrypt or bcrypt without a salt are vulnerable to rainbow table attacks, right? Is there a work factor high enough that I don't need to worry?
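
The lookup problem described in the question, as an added example that is not part of the original post: with no username, an unsalted digest can serve as the row index, while a per-row salt forces one hash per stored row on every request. The class names, the 16-byte salt and the use of SHA-256 as the stored hash are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

def new_api_key() -> str:
    # As in the question: urandom fed into SHA-1, a 20-byte (160-bit) key.
    return hashlib.sha1(os.urandom(32)).hexdigest()

def digest(key: str, salt: bytes = b"") -> bytes:
    # Assumption: SHA-256 stands in for whatever hash is stored server-side.
    return hashlib.sha256(salt + key.encode()).digest()

class UnsaltedStore:
    """Only the digest is stored; it doubles as the lookup index."""
    def __init__(self):
        self.rows = {}  # digest -> user id
    def add(self, user, key):
        self.rows[digest(key)] = user
    def lookup(self, key):
        # One hash and one index probe, independent of the number of users.
        return self.rows.get(digest(key)), 1

class SaltedStore:
    """Per-row salt: without a username, every row's salt has to be tried."""
    def __init__(self):
        self.rows = []  # (salt, digest, user id)
    def add(self, user, key):
        salt = os.urandom(16)
        self.rows.append((salt, digest(key, salt), user))
    def lookup(self, key):
        hashes = 0
        for salt, stored, user in self.rows:
            hashes += 1
            if hmac.compare_digest(digest(key, salt), stored):
                return user, hashes
        return None, hashes  # an unknown key costs one hash per row

def demo(n_users=200):
    unsalted, salted, keys = UnsaltedStore(), SaltedStore(), {}
    for i in range(n_users):
        keys[f"user{i}"] = new_api_key()
        unsalted.add(f"user{i}", keys[f"user{i}"])
        salted.add(f"user{i}", keys[f"user{i}"])
    last = keys[f"user{n_users - 1}"]
    # (hit, unsalted), (hit, salted), (miss, salted); each is (user, hashes computed)
    return unsalted.lookup(last), salted.lookup(last), salted.lookup(new_api_key())

if __name__ == "__main__":
    print(demo())
```

With a deliberately slow hash such as scrypt or bcrypt in place of SHA-256, the per-request cost of the salted scan is the work factor multiplied by the number of rows.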