by darkhelmetlive 5044 days ago
It can work the same way. You just slowly figure out the hash: this pw for this user was a bit faster than all the other failures, so we know the first byte of the hash is ...

If you have a bunch of hashes precomputed, you can start to figure things out pretty quick.

The point is it's still leaking information about what's going on.
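The leak the comment describes comes from an early-exit comparison: the compare stops at the first differing byte, so a candidate whose (unsalted) hash shares a longer prefix with the stored hash takes measurably longer to reject. The following added example (not code from the thread or from any poster) makes the variable work deterministic by counting inspected bytes instead of timing, and places it beside the fixed-work alternative from Python's standard library; the password scheme, the guess strings and the `first_candidate_matching_prefix` helper are constructed for the demonstration and are not part of the original.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple


def sha256_unsalted(password: str) -> bytes:
    # Constructed example: unsalted SHA-256, the weak scheme the thread assumes.
    return hashlib.sha256(password.encode()).digest()


def naive_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Early-exit byte comparison (the leaky pattern).

    Returns (equal, bytes_inspected). The second value is a deterministic
    stand-in for elapsed time: it grows with the length of the matching
    prefix, which is exactly what the thread says an observer can measure.
    """
    if len(a) != len(b):
        return False, 0
    inspected = 0
    for x, y in zip(a, b):
        inspected += 1
        if x != y:
            return False, inspected
    return True, inspected


def constant_time_equal(a: bytes, b: bytes) -> bool:
    """Fixed-work comparison: the same result regardless of where the
    inputs differ. hmac.compare_digest is the standard-library primitive."""
    return hmac.compare_digest(a, b)


def first_candidate_matching_prefix(stored: bytes, prefix_len: int,
                                    limit: int = 200_000) -> Optional[str]:
    """Hypothetical helper: walk constructed guesses 'guess-0', 'guess-1', ...
    and return the first whose unsalted hash shares exactly `prefix_len`
    leading bytes with `stored` (and differs at the next byte). It exists only
    to build test inputs that expose the work-count difference; on average it
    needs about 256**prefix_len guesses, so keep prefix_len small."""
    for i in range(limit):
        guess = f"guess-{i}"
        h = sha256_unsalted(guess)
        if h[:prefix_len] == stored[:prefix_len] and h[prefix_len] != stored[prefix_len]:
            return guess
    return None


def work_profile(stored: bytes, candidates: List[str]) -> Dict[str, int]:
    """How many bytes the early-exit comparison inspects for each candidate.
    A defender running this over their own comparison routine sees directly
    whether rejection cost depends on the candidate."""
    return {c: naive_equal(stored, sha256_unsalted(c))[1] for c in candidates}


if __name__ == "__main__":
    stored = sha256_unsalted("correct horse battery staple")  # constructed secret
    miss = first_candidate_matching_prefix(stored, 0)   # first byte already differs
    hit1 = first_candidate_matching_prefix(stored, 1)   # first byte matches, second differs
    print("early-exit work per candidate:", work_profile(stored, [miss, hit1]))
    print("constant-time verdicts:",
          constant_time_equal(stored, sha256_unsalted(miss)),
          constant_time_equal(stored, sha256_unsalted(hit1)))
```

The early-exit comparison inspects one byte for a candidate that differs immediately and two for one that shares the first byte, and that difference is the signal the comment is talking about; `hmac.compare_digest` removes it by doing the same work for every input. Salting the stored hash closes the other precondition the thread relies on, since the observer can no longer precompute which candidate hashes share a prefix.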


This makes sense; I hadn't thought of knowing the hashing method and it being unsalted. Knowing those, it would be just as easy to whittle the list down exactly the same way.
Err, not exactly the same way. Sure, if you have a rainbow table of all the possible values of the hash construct, then it would take a negligible amount of time. Doing the math of all possible values in the hash space, you will quickly see that at this point in time and space it's not plausible to have that.

You may then argue that you can have the value space of all popular passwords, but that isn't going to be any more effective than just trying all of the possible passwords.