There are extensive researches on how CBC-MAC can be modified in order to efficiently deal with messages of arbitrary lengths. Based on the three-key construction of XCBC by Black and Rogaway, Moriai and Imai improved the scheme and proposed an optimally efficient CBC-MAC variants with two key materials, that is called 2-key XCBC. They give a proof of the security in the same manner as 3-key XCBC. In this paper, we study 2-key XCBC, and discuss the security of 2-key XCBC used with real replacement to an ideal PRP. We show (1) a forgery based on the raw-key masking technique used in 2-key XCBC for a particular instance where Even-Mansour PRP construction is used, and (2) an attack that violates the provable security of DESX construction. Therefore, the raw-key masking technique, which is the core improvement of 2-key CBC, must be avoided unless an overall implementation is considered in detail. Moreover, we discuss 2-key XCBC with two promising real block ciphers AES and Camellia and note important security consideration concerning their uses with 2-key XCBC.