Why can Black Box testing take longer than Crystal Box testing according to the notes?

Black box testing tends to take longer because testers start with no knowledge of the target’s internal structure. They must perform scans, fingerprinting, and reconnaissance to discover what exists, how services respond, and where potential weaknesses lie. This external discovery expands the attack surface that has to be explored and often yields new hosts, services, versions, and configurations to test, which can be iterative and time-consuming. In contrast, crystal box (white-box) testing provides access to the code, architecture, and internal details, allowing for targeted, efficient test planning from the start. Because of that internal visibility, tests can be more precise and quicker to validate. So the requirement for scans and reconnaissance in black box testing explains why it can take longer.