I understand you can use a 24+1 word mnemonic seed to generate your 256 bit private key.
Is the number of possibilties of the 24 words the same as the 256 bits? So: are there 2^255 possible 24 word combinations or is it only a subset of the possibilities?
If it is just a subset, it would be less secure I think. It would be more open to brute force attacks.
An other way of asking the question would be: is there a unique 24 word seed for every possible 256 bit private key?
Is the number of possibilties of the 24 words the same as the 256 bits? So: are there 2^255 possible 24 word combinations or is it only a subset of the possibilities?
Actually, it's just a little bit more than needed to encode a 256-bit number. Possible 24 word combinations (=1626^24) > possible 256 bits combinations (=2^256).
If it is just a subset, it would be less secure I think. It would be more open to brute force attacks.
It depends. I mean, it's like comparing a really huge number with a really huge number - a relatively small number. Both can be secure. Anyways, it's not a subset but there's one other detail. Not every 256 bits is a valid private key. Anything bigger than approx 252 bits gets "wrapped around" so you can have 2 mnemonics resulting in a same wallet, and the brute-force space would be this 252 bits. I believe it's "easier" to break EC crypto by solving discrete log problem, ie derive your private key from the public key instead of brute-forcing it. It's still "impossible", at least until QC :)
An other way of asking the question would be: is there a unique 24 word seed for every possible 256 bit private key?
Yes.
More info on the subject: Can you choose the mnemonic seed to create a wallet?
Using the mnemonic seed doesn't reduce the security.
The 25 word mnemonic seed is simply a way to represent the secret key, just like it can be represented by a hexadecimal string.
So, every possible secret key has its own 25 word representation.
