I found the transformation of the hash in upper and lower case alphanumerical too complex, and the hard coded constants at the end may diminish a bit the entropy of the generated passwords.

Why not simply use a standard conversion to Base64 that the hash function itself may offer, and then delete the characters you don’t want, until you have a string that obeys your rules? If that fails, you rehash (don’t need to be the 1k rounds again) the password and try again.

I think that a simple system is important, so that I can program a correct password generator from memory, if for some reason I loss all the copies of the original.

All in all, it is close to my image of a perfect password generator. I like the lack of options to remember, but at the same time the flexibility on the site key, so that an attacker can’t easily construct a rainbow table for passhash, as the salt (site key) may differ a lot from person to person. I, for one, may use shorter aliases, and add some fixed padding.