I don't know. I skimmed Gasti & Rasmussen 2012, and reread Goldberg's comment; unfortunately, I also just skimmed the source for for PasswordSafe V3, the "only one" that achieved "MAL-CDBA"; it appears to be cryptographically unsound (MAC-then-encrypt of an idiosyncratic AES-CBC).
