I review the ideas and main results in the derivation of security bounds in quantum key distribution for keys of finite length. In particular, all the detailed studies on specific protocols and implementations indicate that no secret key can be extracted if the number of processed signals per run is smaller than 10^5-10^6. I show how these numbers can be recovered from very basic estimates.