Unstoppable blockchain bloat attack?

[etotheipi]

My understanding is that transactions fees are not enforced at the protocol level, they are enforced at the network/node/miner level.  Therefore, if you try to make 1,000,000 tx of 0.000001 BTC each, no node on the network would accept those transactions without fees.  But what is stopping the attacker from using his own miner to include these million transactions in a block?  

Can't he use an altered version of the software to accept Tx's without fees, and work on creating a block with these 1,000,000 tx?  Sure, it might take him a few days/months depending on his hardware, but he would eventually get a block into the chain like that, and all nodes/miners will perceive the 1,000,000 transactions as valid.  Is this correct?
Similarly, can't the attacker make a tx with 1000 outputs, as long as they kept it within the max (500 kB?) and include that in the chain in the same manner?  

If this is true, that would seem to be a "vulnerability" in the network.  You'd only need a couple people devoting their resources to this to really bloat the hell out of the blockchain.

EDIT:  I forgot to mention this would be a networking inconvenience too, as the network tries to circulate all the new blockdata

[Syke]

That is mostly correct. There are transaction and block size limitations, so there won't be any million-transaction blocks flying around. But you are right, fees are not enforced, and someone can spam the blockchain if they include the transactions in their own generated blocks, or by connecting to other miners that also run no-fee miners.

[theymos]

Blocks can't be larger than 1MB, so an attacker can't bloat the chain too much.

[FreeMoney]

Blocks can't be larger than 1MB, so an attacker can't bloat the chain too much.

Is there a current consensus on this limit going forward?

It always worried me a bit. Miners may not want to increase later. I see all kinds of pressures in play, hard for me to work out.

[theymos]

Is there a current consensus on this limit going forward?

It always worried me a bit. Miners may not want to increase later. I see all kinds of pressures in play, hard for me to work out.

The size limit will probably be removed from clients once clients stop downloading any full blocks by default. This won't be possible for a few years, I'd guess. If necessary, the max block size could increase to perhaps 10-25 MB while clients are still downloading blocks to detect transactions.

Miners are always free to reject blocks that are above a certain size. They can do this now, in fact. This is always extremely unprofitable if most of the mining power is not doing it. If the majority does reject large blocks in order to justify raising fees, then low-fee transactions will accumulate, creating an ever-growing incentive for miners to overpower the majority, create larger blocks, and accept the unclaimed fees.

[MysteryMiner]

The Bitcoin idea is again brilliant. The greed for tx fees are more atractive than possibility of lulz when the blockchain is injected with 500kb of garbage after long time of mining with modified no-fees miner.

And yes, the vote of majority. As long as majority runs non-malicious bitcoin clients, they are free to reject the invalid or malformed transactions or blocks above preset limit.

[dree12]

The Bitcoin idea is again brilliant. The greed for tx fees are more atractive than possibility of lulz when the blockchain is injected with 500kb of garbage after long time of mining with modified no-fees miner.

And yes, the vote of majority. As long as majority runs non-malicious bitcoin clients, they are free to reject the invalid or malformed transactions or blocks above preset limit.

A miner can, at almost no extra cost, fill in blocks with undisclosed transactions while still doing the ones with tx fees. In fact, this is an minor advantage for the miner - there is more time needed for the other miners to download the full block, during which time this miner can keep mining.

[DeathAndTaxes]

The Bitcoin idea is again brilliant. The greed for tx fees are more atractive than possibility of lulz when the blockchain is injected with 500kb of garbage after long time of mining with modified no-fees miner.

And yes, the vote of majority. As long as majority runs non-malicious bitcoin clients, they are free to reject the invalid or malformed transactions or blocks above preset limit.

A miner can, at almost no extra cost, fill in blocks with undisclosed transactions while still doing the ones with tx fees. In fact, this is an minor advantage for the miner - there is more time needed for the other miners to download the full block, during which time this miner can keep mining.

That is an interesting attack.  Eventually I think min fees will need to be enforced by clients.  Just like a client that sees a block w/ coinbase transaction of 100,000 BTC generated is considered invalid a block w/ transactions which violate minimum fee rules would be considered invalid.