It's possible to encrypt PasswordMaker.rdf using the master password without comprimising the password.
Here's a suggestion for an algorithm:
1. Hash the master password using, say HMAC-SHA1.
2. Use resulting hash to seed a pseudo-random-number generator
3. Say the random number is 249. We then randomly pick characters from a list of letters, numbers, and symbols until we have a string of 249 characters.
4. We then hash the resulting string using, say HMAC-SHA256.
5. We use the resulting hash as the key to encrypt PasswordMaker.rdf using AES.
To decrypt PasswordMaker.rdf, we follow the steps 1-4 to retrieve the key, and use it to decrypt PasswordMaker.rdf.
This way, we can encrypt PasswordMaker.rdf using a key that's based off of the master password, but even if a hacker can brute-force the encrypted PasswordMaker.rdf open and retrieve the key, he's still got to brute-force the HMAC-SHA256 hash open. Then, he needs to use the resulting string to guess the pattern used by the pseudo-random number-generator to retrieve the HMAC-SHA1 hash of the master password. Finally, only after he brute forces the HMAC-SHA1 hash can he recover the master password.
We could also use this algorithm (or a similar algorithm) to verify the master password, as requested
here.