What is the cost option in password_hash? [closed]

Question

In the PHP manual there are many examples which use the cost option in password_hash. Here is some sample code to calculate a good value for cost:

<?php
/**
* This code will benchmark your server to determine how high of a cost you can
* afford. You want to set the highest cost that you can without slowing down
* you server too much. 8-10 is a good baseline, and more is good if your servers
* are fast enough. The code below aims for ≤ 50 milliseconds stretching time,
 * which is a good baseline for systems handling interactive logins.
 */
$timeTarget = 0.05; // 50 milliseconds 

$cost = 8;
do {
 $cost++;
 $start = microtime(true);
 password_hash("test", PASSWORD_BCRYPT, ["cost" => $cost]);
 $end = microtime(true);
} while (($end - $start) < $timeTarget);

echo "Appropriate Cost Found: " . $cost . "\n";
?>

What does cost mean? What is it for?

Answer 1

From wikipedia:

The cost parameter specifies a key expansion iteration count as a power of two, which is an input to the crypt algorithm.

Answer 2

https://wildlyinaccurate.com/bcrypt-choosing-a-work-factor/

The reason that the key setup phase can be potentially expensive is because it is run 2^work times. As password hashing is usually associated with common tasks like logging a user into a system, it’s important to find the right balance between security and performance. Using a high work factor makes it incredibly difficult to execute a brute-force attack, but can put unnecessary load on the system.