Board: Altcoin Discussion
Re: Recover wallet passphrase - special circumstance?
by DeathAndTaxes on 26/06/2014, 18:52:07 UTC
Quote
You said that before the wallet is encrypted, the master key is just a random 32 bit number.

If the wallet has no password it also has no master_key.  The master_key is not randomly generated until the user initially encrypts the wallet.  The decrypted master_key is never stored on disk.

Quote
After you encrypt it with a password, the password decrypts it, then is wiped.

This sentence is unclear.

To initially encrypt the master_key, the client asks the user for a new password.  The password_derived_key is created from the passphrase.  The master_key is encrypted with the password_derived_key.  The password & password_derived_key are removed from memory.

To "unlock" the wallet the client prompts the user for the password.  The password_derived_key is created from the passphrase.  The encrypted_master_key is decrypted with the password_derived_key.  The master_key is stored in memory.  The password & password_derived_key are removed from memory.

To "lock" the wallet, the client deletes the master_key from memory.

Quote
I'm assuming that it's the same as the unencrypted private key... finding the original unencrypted master key wouldn't do any good, you'd still need to brute force it, correct? Which is no easier than just brute forcing the wallet.

I am not sure I understand the question.  If you find the (decrypted) master_key you can use it to decrypt the individual private keys.  No brute force is required, you have the decryption key.

The reason for not encrypting the individual_private_key with the password_derived_key is that if the user changes the password then you would need to decrypt and re-encrypt every single private_key.  By using a random "master_key", if the user changes the password you just need to decrypt and re-encrypt the master_key.

Quote
Just curious at this point. What got us into bitcoin originally (ok, me really) is the cryptography used. It's fascinating to me. You can't copy BTC or fake a transaction (well, easily, 51% and all that) or cheat the system. It's quite beautiful.

Cryptography done right is pretty amazing.  With Bitcoin we are only at the beginning.
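The key hierarchy laid out in this reply (a password_derived_key wraps a random master_key, the master_key encrypts each private key, locking just forgets the master_key, and a passphrase change only re-wraps the master_key), as an added Python example that is not Bitcoin Core's own code. It assumes PBKDF2-HMAC-SHA512 as a stand-in for the client's KDF and an HMAC-SHA256 counter-mode stream as a stand-in for AES-256-CBC, so it runs on the standard library alone; the sample keys and passphrases in the usage below are constructed.

```python
import hashlib, hmac, os

def kdf(passphrase: bytes, salt: bytes) -> bytes:
    # password_derived_key; PBKDF2-HMAC-SHA512 is an assumed stand-in for the client's own KDF
    return hashlib.pbkdf2_hmac("sha512", passphrase, salt, 25_000, dklen=32)

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # stand-in cipher (HMAC-SHA256 in counter mode) so the example runs offline; a real client uses AES-256-CBC
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + stream_xor(key, nonce, plaintext)
def decrypt(key: bytes, blob: bytes) -> bytes:
    return stream_xor(key, blob[:16], blob[16:])

class Wallet:
    def __init__(self, private_keys):
        self.private_keys = list(private_keys)  # plaintext until the wallet is first encrypted
        self.encrypted_keys = self.encrypted_master_key = self.salt = None
        self.master_key = None  # the decrypted master_key only ever lives in memory
    def encrypt_wallet(self, passphrase: bytes):
        # master_key is generated only now and is never written to disk in the clear
        self.master_key = os.urandom(32)
        self.encrypted_keys = [encrypt(self.master_key, k) for k in self.private_keys]
        self.private_keys = None
        self._wrap_master_key(passphrase)
        self.lock()
    def _wrap_master_key(self, passphrase: bytes):
        self.salt = os.urandom(8)
        pdk = kdf(passphrase, self.salt)
        self.encrypted_master_key = encrypt(pdk, self.master_key)
        del pdk  # password_derived_key is dropped as soon as the master_key is wrapped
    def unlock(self, passphrase: bytes):
        pdk = kdf(passphrase, self.salt)
        self.master_key = decrypt(pdk, self.encrypted_master_key)
    def lock(self):
        self.master_key = None  # locking just forgets the master_key
    def change_passphrase(self, old: bytes, new: bytes):
        self.unlock(old)  # only the master_key is re-wrapped; individual private keys stay as they are
        self._wrap_master_key(new)
        self.lock()
    def private_key(self, i: int) -> bytes:
        if self.master_key is None: raise RuntimeError("wallet is locked")
        return decrypt(self.master_key, self.encrypted_keys[i])
```

A wrong passphrase yields a wrong master_key and therefore garbage private keys rather than an error, which is why finding the decrypted master_key, not the password, is what removes the need for any brute force.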