Hi Eric,
I've been giving this some thought, because of the number of problems this causes with new users (and hey, I've been bitten by it a couple of times too)...
I have an idea on how it might be handled, but I may be missing something that would make this a bad idea...
Since it is impossible (?) to reverse engineer the Master Password from a hash, why not do the following:
Create a new function called 'Master Password Confirmation Hash'
When this function is called, PWM uses very secure, randomized Account Settings (randomize the Character Set, randomize the password length from 12-20, etc., which would result in a different hash each time) to generate a password which is then hashed and stored - along with the Settings used to generate it - in encrypted form on disk (or, optionally, only in memory).
Once this hash has been generated, have a little red/green light show up in the Master Password Prompt window, that shows red when the Master Password is not the same as the one that generated the Master Password Confirmation Hash, and green when it is the same.
What do you think?
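
A sketch of the confirmation-hash scheme proposed above, as an added example that is not part of the original message and is not PasswordMaker code. `generate_password` is a hypothetical stand-in for PWM's generator, and the PBKDF2 work factor is an assumption, chosen because a stored confirmation record lets anyone who can read it test master-password guesses offline.

```python
import hashlib
import hmac
import secrets
import string

# Assumed work factor: the record is an offline-guessing oracle for the
# master password, so each guess is made deliberately expensive.
PBKDF2_ROUNDS = 200_000


def random_settings():
    """Fresh random account settings: shuffled charset, length 12-20, salt."""
    charset = list(string.ascii_letters + string.digits + string.punctuation)
    secrets.SystemRandom().shuffle(charset)
    return {
        "charset": "".join(charset),
        "length": 12 + secrets.randbelow(9),  # 12..20 inclusive
        "salt": secrets.token_hex(16),
    }


def generate_password(master, settings):
    """Hypothetical stand-in for PWM's generator: master + settings -> password."""
    stream = hashlib.pbkdf2_hmac(
        "sha256", master.encode(), bytes.fromhex(settings["salt"]),
        PBKDF2_ROUNDS, dklen=settings["length"],
    )
    charset = settings["charset"]
    # Modulo mapping is slightly biased; acceptable for a confirmation value.
    return "".join(charset[b % len(charset)] for b in stream)


def create_confirmation(master):
    """Build the record to store: the settings plus the hash of the password."""
    settings = random_settings()
    password = generate_password(master, settings)
    return {"settings": settings,
            "hash": hashlib.sha256(password.encode()).hexdigest()}


def check_master(candidate, record):
    """True means green light (same master password), False means red."""
    password = generate_password(candidate, record["settings"])
    digest = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(digest, record["hash"])
```
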