3/30/17 1:07 PM:
Nice post, but I have doubts. What would happen if the PW_Key were compromised? Then the attacker would be able to decrypt the Master key and then decrypt the ciphertext of all data encrypted with this Master Key.
If you changed the order (encrypt the plaintext with the derived key and wrap it with the MasterKey), then after compromising the derived key you would only have access to the ciphertexts encrypted with that one key.
I know that if the MasterKey were compromised the result would be the same (you could then unwrap all the PW_Keys and decrypt the ciphertext), but it is quite often the case that securely storing one MasterKey is easier than securely storing a lot of PW_Keys.
What do you think?
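To make the trade-off raised in this comment concrete, here is an added example (not code from the post or from the commenter) that builds both key hierarchies and counts how many stored records each leaked key exposes. It assumes AES-256-GCM as the stand-in for both the key-wrapping and the record-encryption primitive, random 256-bit keys in place of whatever derivation the post uses for PW_Key, and the names `Record`, `BuildSchemeA`, `BuildSchemeB` and `DecryptableWith`, all of which are hypothetical. It goes slightly beyond the comment by also measuring the MasterKey-leak case for the proposed scheme, which the commenter notes is equivalent to the original's worst case.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// Record is one stored item. Scheme A (MasterKey wrapped by PW_Key): WrappedDEK is nil and
// Ciphertext is encrypted directly under MasterKey. Scheme B (the commenter's proposal):
// Ciphertext is encrypted under a per-record data key (DEK) and WrappedDEK is that DEK
// wrapped under MasterKey. This layout is an assumption for the demo, not the post's.
type Record struct {
	WrappedDEK []byte
	Ciphertext []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts data under a 32-byte key with AES-256-GCM, prepending the random nonce.
// The same primitive is used for key wrapping and record encryption (assumption).
func seal(key, data []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, data, nil), nil
}

// open reverses seal; a wrong key fails the GCM tag check and returns an error.
func open(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// newKey returns a random 256-bit key; it stands in for PW_Key, MasterKey and the DEKs.
func newKey() []byte {
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		panic(err)
	}
	return k
}

// BuildSchemeA: PW_Key wraps MasterKey; every record is encrypted directly under MasterKey.
func BuildSchemeA(pwKey, masterKey []byte, plaintexts [][]byte) ([]byte, []Record, error) {
	wrappedMaster, err := seal(pwKey, masterKey)
	if err != nil {
		return nil, nil, err
	}
	var records []Record
	for _, pt := range plaintexts {
		ct, err := seal(masterKey, pt)
		if err != nil {
			return nil, nil, err
		}
		records = append(records, Record{Ciphertext: ct})
	}
	return wrappedMaster, records, nil
}

// BuildSchemeB: each record gets its own DEK, wrapped under MasterKey and stored beside it.
// The DEKs are returned only so the demo can simulate the leak of a single one.
func BuildSchemeB(masterKey []byte, plaintexts [][]byte) ([]Record, [][]byte, error) {
	var records []Record
	var deks [][]byte
	for _, pt := range plaintexts {
		dek := newKey()
		ct, err := seal(dek, pt)
		if err != nil {
			return nil, nil, err
		}
		wrapped, err := seal(masterKey, dek)
		if err != nil {
			return nil, nil, err
		}
		records = append(records, Record{WrappedDEK: wrapped, Ciphertext: ct})
		deks = append(deks, dek)
	}
	return records, deks, nil
}

// DecryptableWith counts the records a holder of key can read, i.e. the blast radius of that
// key leaking. keyWrap, if non-nil, is a blob that key unwraps first (scheme A: PW_Key -> MasterKey).
// For a record with a WrappedDEK, key is tried as the wrapping key, then directly as the DEK.
func DecryptableWith(key, keyWrap []byte, records []Record) int {
	if keyWrap != nil {
		inner, err := open(key, keyWrap)
		if err != nil {
			return 0
		}
		key = inner
	}
	n := 0
	for _, r := range records {
		k := key
		if r.WrappedDEK != nil {
			if dek, err := open(key, r.WrappedDEK); err == nil {
				k = dek // holder of MasterKey unwraps the record's DEK
			}
		}
		if _, err := open(k, r.Ciphertext); err == nil {
			n++
		}
	}
	return n
}

func main() {
	pwKey, masterKey := newKey(), newKey() // constructed sample keys
	plaintexts := [][]byte{[]byte("record-1"), []byte("record-2"), []byte("record-3")}
	wrappedMaster, recsA, err := BuildSchemeA(pwKey, masterKey, plaintexts)
	if err != nil {
		panic(err)
	}
	fmt.Println("scheme A, PW_Key leaked   :", DecryptableWith(pwKey, wrappedMaster, recsA), "of", len(recsA))
	recsB, deks, err := BuildSchemeB(masterKey, plaintexts)
	if err != nil {
		panic(err)
	}
	fmt.Println("scheme B, one DEK leaked  :", DecryptableWith(deks[0], nil, recsB), "of", len(recsB))
	fmt.Println("scheme B, MasterKey leaked:", DecryptableWith(masterKey, nil, recsB), "of", len(recsB))
}
```

The count for scheme A with a leaked PW_Key equals the number of records, while scheme B confines a single leaked DEK to one record; in both schemes a leaked MasterKey exposes everything, which is why that one key is the natural candidate for the strongest storage (an HSM or KMS) rather than many per-user keys.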