Let π be an efficient two-party protocol that given security parameter k, both parties output single bits X_k and Y_k, respectively. We are interested in how (X_k, Y_k) "appears" to an efficient adversary that only views the transcript T_k. We make the following contributions: • We develop new tools to argue about this loose notion, and show (modulo some caveats) that for every such protocol π, there exists an efficient simulator such that the following holds: on input T_k, the simulator outputs a pair (X'_k, Y'_k) such that (X'_k, Y'_k, T_k) is (somewhat) computationally indistinguishable from (X_k, Y_k, T_k). • We use these tools to prove the following dichotomy theorem: every such protocol π is: – either uncorrelated — it is (somewhat) indistinguishable from an efficient protocol whose parties interact to produce T_k, but then choose their outputs independently from some product distribution (that is determined in poly-time from T_k), – or, the protocol implies a key-agreement protocol (for infinitely many k's). Uncorrelated protocols are uninteresting from a cryptographic viewpoint, as the correlation between outputs is (computationally) trivial. Our dichotomy shows that every protocol is either completely uninteresting or implies key-agreement. • We use the above dichotomy to make progress on open problems on minimal cryptographic assumptions required for differentially private mechanisms for the XOR function. • A subsequent work of Haitner et al. uses the above dichotomy to makes progress on a long-standing open question regarding the complexity of fair two-party coin-flipping protocols. We highlight the following ideas regarding our technique: • The simulator algorithm is obtained by a carefully designed "competition" between efficient algorithms attempting to forecast ((X_k, Y_k)|T_k = t). The winner is used to simulate the outputs of the protocol. • Our key-agreement protocol uses the simulation to reduce to an information theoretic setup, and is in some sense non-black box.