Table of JavaCard hardware that is currently available:

||Vendor||Product||RAM||URL||Code-Signing||HRNG||
||Maxim||IButton DS-1957||200 KB||unavailable||no||yes||
||HID||Crescendo||72 KB||http://www.hidcorp.com/page.php?page_id=145||?||?||
||Oberthur Card Systems||ID One||?||http://www.oberthurcs.com/||?||?||

Security issues of JavaCard in general:

 * Missing code security: no code signing, no code authentication.
   Suggested fix: The JavaCard should calculate and store a hash of the applet when loading it. Applets must not be able to manipulate the stored hash. The stored hash should be delivered to the host when enumerating the applets, or when querying the hash value of a specific applet (think md5sum). The hash value should be pre-calculable from the CAP file, so that it can be compared to the actual hash value.
 * There are only 2 insecure random number generators: InsecureRandom and SecureRandom. Both are PRNGs. (-> Dallas/Maxim made a proprietary HRNG with its own proprietary API)
   Suggested fix: Define an API-ID for a HRNG, so that every vendor can implement a HRNG.
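Host-side sketch of the applet hash check suggested above for the missing code security issue. This is an added example, not code from any vendor or from the JavaCard specification. The hashing scheme is an assumption: SHA-256 (instead of MD5) over the CAP components in a fixed order, with the component set, the order and the function names chosen for this example. Hashing components rather than the raw CAP file keeps the value independent of zip ordering and timestamps, which a card never sees.

```python
import hashlib
import hmac
import io
import zipfile

# Assumed hashing order and required set for this example (hypothetical scheme).
COMPONENT_ORDER = ["Header", "Directory", "Import", "Applet", "Class", "Method",
                   "StaticField", "Export", "ConstantPool", "RefLocation", "Descriptor"]
REQUIRED = {"Header", "Directory", "Import", "Class", "Method",
            "StaticField", "ConstantPool", "RefLocation"}


def cap_digest(cap_bytes: bytes) -> str:
    """Hash the components of a CAP (a zip archive), ignoring zip metadata."""
    components = {}
    with zipfile.ZipFile(io.BytesIO(cap_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.rsplit("/", 1)[-1]
            if not name.endswith(".cap"):
                continue  # e.g. MANIFEST.MF, which is not part of the applet code
            stem = name[:-4]
            if stem in components:
                raise ValueError(f"duplicate component: {stem}")
            components[stem] = zf.read(info)
    missing = REQUIRED - components.keys()
    if missing:
        raise ValueError(f"missing components: {sorted(missing)}")
    h = hashlib.sha256()
    for stem in COMPONENT_ORDER:
        if stem in components:
            data = components[stem]
            # Name and length prefix keep component boundaries unambiguous.
            h.update(stem.encode() + b"\x00" + len(data).to_bytes(4, "big"))
            h.update(data)
    return h.hexdigest()


def applet_matches(cap_bytes: bytes, card_reported_hex: str) -> bool:
    """Compare the pre-calculated digest with the value the card returned."""
    return hmac.compare_digest(cap_digest(cap_bytes), card_reported_hex.lower())


def build_sample_cap(components: dict) -> bytes:
    """Constructed sample input: a minimal CAP-like zip with dummy contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for stem, data in components.items():
            zf.writestr(f"com/example/javacard/{stem}.cap", data)
    return buf.getvalue()
```

The card-reported value only helps if the card computes it over the same bytes in the same order and, as the suggested fix requires, stores it where applets cannot modify it.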