
Depending on the amount, split the key across paper across multiple bank vaults and lawyers, with direction to contact all of them and bring the key together at your death.

But good luck finding someone you can trust to actually handle the money once they have the key.



One cool aspect of Shamir's Secret Sharing is you can set any threshold for how many fragments are required to recover the secret. This reduces the risk of one losing the secret due to fragments being lost. The scheme also has perfect secrecy, so gaining a few fragments, but not the threshold amount, gives an attacker no information about the secret.

https://francoisbest.com/horcrux


I wouldn't split the key because, as another comment noted, you don't need all the pieces to brute-force the rest. Rather, I would have several "keys" that, when you XOR them all together, give you the real key. That way, any piece is useless without all the rest.

Unless this is what you meant by "split", in which case I agree.


Even just putting half the key on paper and not putting the rest could make brute-forcing the rest feasible. Even knowing just 1 bit makes brute-forcing 2x as easy. 8 bits? 256x easier, etc.


One would use a scheme like Shamir's secret sharing [1], not literally cutting the exact bits of the key into strips.

> To unlock the secret via Shamir's secret sharing, a minimum number of shares are needed. This is called the threshold, and is used to denote the minimum number of shares needed to unlock the secret. An adversary who discovers any number of shares less than the threshold will not have any additional information about the secured secret-- this is called perfect secrecy. In this sense, SSS is a generalisation of the one-time pad (which is effectively SSS with a two-share threshold and two shares in total).

[1] https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing


(Shamir’s scheme is delightfully straightforward, but if polynomial interpolation over finite fields isn’t a thing you feel in your bones, try inventing an n-of-n-shares scheme that only uses xor and a random-number generator. Gb nyy ohg bar bs gur cnegvpvcnagf, tvir n puhax bs enaqbz qngn nf ybat nf gur frperg; gb gur ynfg bar, tvir gur kbe bs gur frperg naq gur enaqbz puhaxf. You probably don’t want that in production, but it’s nice to figure it out and even utterly simple to prove it secure, provided you understand the proof for one-time pads.)


This immediately came to mind as a possible tactic because polynomial interpolation is covered nicely in A Programmer's Introduction To Mathematics[1] which I started reading recently. Highly recommended.

[1]: https://pimbook.org/


Oh yeah, I know about that. I meant to intentionally release only part of the key specifically to make brute-forcing easier for your heirs. I mean, hey, they gotta work for it, you just give them a leg up! :)



