在PHP手册中,有很多例子在password_hash中使用cost
一些例子用来计算好的成本

<?PHP
/**
* This code will benchmark your server to determine how high of a cost you can
* afford. You want to set the highest cost that you can without slowing down
* you server too much. 8-10 is a good baseline, and more is good if your servers
* are fast enough. The code below aims for ≤ 50 milliseconds stretching time,
 * which is a good baseline for systems handling interactive logins.
 */
$tiMetarget = 0.05; // 50 milliseconds 

$cost = 8;
do {
 $cost++;
 $start = microtime(true);
 password_hash("test", PASSWORD_BCRYPT, ["cost" => $cost]);
 $end = microtime(true);
} while (($end - $start) < $tiMetarget);

echo "Appropriate Cost Found: " . $cost . "\n";
?>

成本代表什么？

解决方法:

从wikipedia开始：

The cost parameter specifies a key expansion iteration count as a
power of two, which is an input to the crypt algorithm.