It's possible to deduce password hashes by timing responses over the internet if the server isn't using constant time comparison. Noise is just that, a noise.