A good password manager generates a new, strong, random password for each site, stores them in a file and encrypts the file with a key that is derived from a user provided password via one of the aforementioned methods (PBKDF2 or scrypt).
This lets the user change his master password without invalidating all stored passwords and the compromise of any single or multiple site passwords does not affect the master password in any way.
And since the password-file is encrypted it can also be trivially backed up and synced across devices using any untrusted transport (e.g. Dropbox).
As it happens, this is exactly how the common solutions (KeePass, LastPass) operate. This part of the wheel is in no need to be re-invented poorly.
