MITM (1D-MITM)
Assume the attacker knows a set of plaintext P and ciphertext C that satisfies the following:
where ENC is the encryption function, DEC the decryption function DEC is defined as ENC-1 (inverse mapping) and k1 and k2 are two keys.
The attacker can then compute ENCk1(P) for all possible keys k1. Afterwards he can decrypt the ciphertext by computing DECk2(C) for each k2. Any matches between these two resulting sets are likely to reveal the correct keys. (To speed up the comparison, the ENCk1(P) set can be stored in an in-memory lookup table, then each DECk2(C) can be matched against the values in the lookup table to find the candidate keys)
This attack is one of the reasons why DES was replaced by Triple DES — "Double DES" does not provide much additional security against exhaustive key search for an attacker with 256 space. However, Triple DES with a "triple length" (168-bit) key is vulnerable to a meet-in-the-middle attack in 256 space and 2112.
Once the matches are discovered, they can be verified with a second test-set of plaintext and ciphertext.
Read more about this topic: Meet-in-the-middle Attack