When SSHD tries to authenticate a non-existing user, it will pick up a fake password structure hardcoded in the SSHD source code. On this hard coded password structure the password hash is based on BLOWFISH algorithm.If real users passwords are hashed using SHA256/SHA512, then sending large passwords will result in shorter response time from the server for non-existing users.