Bitcoin Forum

Would a seed of 24 words with 22 known and 2 missing be crackable?

What are your thoughts?

Yes. If only 2 seed words are unknown there are only 2048^2 = 4194304 possible combinations left, which should be well within reach of brute force attacks. That is of course assuming the attackers knows the seed word order, including where the positions of the missing seed words should be. However even the attacker not knowing where to place the missing seed words would make this scheme much safer.

Assuming English words are being used here is the list (https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt).

So you only have to enter 2,048² = 4,194,304 possible combinations of words.

Given the list above a simple program to iterate through each of the 4,194,304 possible values could be easily written.

However, as described in the previous post you would need to know the correct order of the other words and the correct position of the two missing words.

Like HeRetiK already said, it's not only theoretically possible, it's even rather easy.
There are even scripts to help you brute force such a seed: https://github.com/gurnec/btcrecover/blob/master/docs/Seedrecover_Quick_Start_Guide.md

Knowing that the 22 seeds are in order but that the position of the two missing words is not known helps some but the key can still be brute forced.

This only increases the number of trials by about 24² = 576 so the total number of trials is less than 2,415,919,104

l am not sure "where" this thread is coming from.  I would rather have you simply change two of the seed words (of the 24) to other seed words that are in the approved list of words.  That way there would be 24 words and no way to determine IF or HOW MANY words have been changed.  All such schemes as this thread reflects lead to dangerous loss of coins either via mistakes, or someone discovering the scheme and taking them.

Anything is crackable even with only partial data. The NSA will confirm.  ;)