
When I was doing some research into building an app that encrypted data similar to these cloud password managers, I encountered OPAQUE[1], which seems to be the ideal way to perform authentication and secure a master encryption key. It is an asymmetric PAKE that also has a step for providing a salt. This removes the need to do what LastPass does with treating the first hash as a password. There is a great article from Cloudflare on how it works[2], and a working implementation of the spec in Rust[3].

[1]: https://github.com/cfrg/draft-irtf-cfrg-opaque

[2]: https://blog.cloudflare.com/opaque-oblivious-passwords/

[3]: https://github.com/novifinancial/opaque-ke


