Many researchers have contributed to creating Quantum Key Distribution (QKD) since the first protocol BB84 was proposed in 1984. One of the crucial problems in QKD is to guarantee its security with finite-key lengths by Privacy Amplification (PA). However, finite-key analyses show a trade-off between the security of BB84 and the secure key rates. This study analyses two examples to show concrete trade-offs. Furthermore, even though the QKD keys have been perceived to be arbitrarily secure, this study shows a fundamental limitation in the security of the keys by connecting Leftover Hash Lemma and Guessing Secrecy on the QKD keys.