An
offline attack performs password cracking on stolen hash databases — no lockout policies, no rate limiting, full GPU power. Can test billions of combinations per second.
Stolen password databases enable offline cracking. Defense: strong key derivation functions (bcrypt/Argon2) make even offline attacks impractical. MD5/SHA-1 hashes are cracked in seconds offline. This is why algorithm choice matters enormously.