Hardware cryptography has a weakness: a cryptographic chip (also referred to as a CryptoChip) will perform critical cryptographic tasks as long as the task is accompanied by the password of a certificate residing on the chip.
The problem is that a hacker or a virus/trojan with a key logger can trap a user's keystrokes and grab the user's password, allowing the hacker or virus/trojan, unseen by the user, to command the chip to decrypt and/or sign data.
The problem, as stated above, is that the cryptographic chip is open to any application, including a nefarious one, that can supply the password. It's important in hardware cryptography that the system be open, placing as few restrictions on legitimate users as possible. However, in its present state, hardware cryptography is too open.
Hardware cryptography uses two cryptographic libraries, PKCS #11 and the CryptoAPI. These cryptographic libraries allow developers of hardware cryptographic solutions to rapidly develop applications without needing to know anything about the underlying hardware. Additionally, these two libraries are almost a standard in cryptography, and as such there is enormous resistance to any changes to them.
These libraries are also used by a CryptoChip and have a weakness called Silent-Mode Login, which allows an application to supply the password to the CryptoChip or Smart Card.
The problem with Silent-Mode Login is that a trojan application with a key logger can trap a user's keystrokes and grab the user's password, allowing the hacker or virus/trojan, unseen by the user, to command the Smart Card or CryptoChip to decrypt and/or sign data and, at some future time, send that data from the computer.
The inherent weakness of Silent-Mode Login is known to the Smart Card industry but is regarded as an acceptable risk because, in the absence of Silent-Mode Login, the user would be required to frequently supply the password for critical tasks such as decryption and message signing, leading to user irritation and a rejection of Smart Card technology.
A properly working PKI system depends on a user's private key remaining private. While Smart Cards make it impossible to steal a user's private key, the weakness of Silent-Mode Login means that while it may not be possible to steal a private key, it is possible to utilize a private key, thus undermining confidence in such a system.
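An added example, not from the original text: a toy C model of the Silent-Mode Login weakness described above, contrasted with a token that accepts its PIN only on the reader's own keypad. `CKF_PROTECTED_AUTHENTICATION_PATH` is a real PKCS #11 token flag; the `toy_*` names, the PIN value and the rule that such a token ignores host-supplied PINs are assumptions of this model.

```c
#include <stdio.h>
#include <string.h>

#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL /* PKCS #11 token flag */

typedef struct {
    unsigned long flags;  /* token flags as reported in token info */
    const char *pin;      /* reference PIN stored on the chip (constructed) */
    int logged_in;        /* 1 once a login has succeeded */
} toy_token;

/* Models login. host_pin is what the calling application passes; pad_pin is
 * what a person typed on the reader's own keypad (NULL when nobody did).
 * Assumption of this model: a token with a protected authentication path
 * ignores host-supplied PINs and only accepts keypad entry. */
int toy_login(toy_token *t, const char *host_pin, const char *pad_pin) {
    const char *presented =
        (t->flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? pad_pin : host_pin;
    t->logged_in = (presented != NULL && strcmp(presented, t->pin) == 0);
    return t->logged_in;
}

/* Models a private-key operation: allowed whenever the token is logged in.
 * The chip has no way to tell which application is asking. */
int toy_sign(const toy_token *t) {
    return t->logged_in;
}

/* A background process that already knows the PIN and runs with no user
 * present: returns 1 if the token performs the private-key operation. */
int unattended_use(toy_token *t, const char *known_pin) {
    t->logged_in = 0;
    toy_login(t, known_pin, NULL);   /* nobody is at the keypad */
    return toy_sign(t);
}

int main(void) {
    toy_token silent = { 0, "4821", 0 };
    toy_token padded = { CKF_PROTECTED_AUTHENTICATION_PATH, "4821", 0 };
    printf("silent-mode token, unattended use: %d\n", unattended_use(&silent, "4821"));
    printf("keypad-only token, unattended use: %d\n", unattended_use(&padded, "4821"));
    printf("keypad-only token, user present:   %d\n", toy_login(&padded, NULL, "4821"));
    return 0;
}
```

The private key never leaves either token; the difference is only whether knowing the PIN is enough to use it without the user taking part.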