Based on Crock's suggestion, SitePassword can now store user-provided passwords. Since it now both calculates and stores passwords, I've changed the title of the paper to "A Hybrid Password Manager." Thoughts?
SitePassword stores a user-provided password by XORing it with the calculated password for the site. An attacker who knows both a user-provided password and the corresponding bookmark can figure out the calculated site password and can use that to start guessing the master password. I believe the work is only a little harder if the attacker doesn't know the bookmark. Is that right?
I could also encrypt the user-provided password with a key derived from the calculated site password. Now an attacker would have to guess the calculated password before guessing the master password. I think that only doubles the effort. Is that right? Is that worth becoming dependent on a crypto library?
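The XOR storage described in the post, as an added sketch (not part of the original post and not SitePassword's code): it shows that a stored value plus a known user-provided password yields part of the calculated password, which then serves as an offline check for master-password guesses. Assumptions: the PBKDF2 derivation, the function names, XORing over only the password's length, and all sample values are constructed for illustration.

```python
import hashlib

def calculated_password(master: str, site: str) -> bytes:
    # Stand-in derivation (assumption), not SitePassword's actual algorithm.
    return hashlib.pbkdf2_hmac("sha256", master.encode(), site.encode(), 1000, dklen=32)

def xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, so the result has that length.
    return bytes(x ^ y for x, y in zip(a, b))

def store(user_pw: str, calc: bytes) -> bytes:
    # Stored value = user password XOR the leading bytes of the calculated password.
    # Assumes the password is at most len(calc) bytes.
    return xor(user_pw.encode(), calc)

def retrieve(stored: bytes, calc: bytes) -> str:
    # The legitimate path: recompute calc from the master password, XOR again.
    return xor(stored, calc).decode()

def recover_calc_prefix(stored: bytes, known_user_pw: str) -> bytes:
    # Known plaintext: stored XOR user_pw equals the same leading bytes of calc.
    return xor(stored, known_user_pw.encode())

def guess_master(calc_prefix: bytes, site: str, candidates):
    # The recovered prefix verifies a guess offline, without contacting the site.
    for guess in candidates:
        if calculated_password(guess, site)[:len(calc_prefix)] == calc_prefix:
            return guess
    return None

if __name__ == "__main__":
    site = "example.com"                      # constructed sample values
    calc = calculated_password("correct horse", site)
    stored = store("Tr0ub4dor&3", calc)
    prefix = recover_calc_prefix(stored, "Tr0ub4dor&3")
    print(retrieve(stored, calc))
    print(guess_master(prefix, site, ["letmein", "correct horse"]))
```

The cost of each guess is one run of the site-password derivation, so the slowness of that function is what sets the guessing rate once a stored value and its plaintext are known.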