pYro_65:
Create a block of data repeating the time from the RTC, then hash it.
Then use this as an ID, it will be unique. For security, its non sequential and does not need to be stored.The purpose of this style of ID is to provide validation of a single message, not to identify it in a pool of messages. As in it has no meaning to the data, just the hash cannot be created without it.
If the system dies, no worries just set the time and the unique ID's are restored.
Sorry to ask more on this as like I said before I want to do this right and I am also reading Practical Cryptography by Ferguson and Schneier and as they seem to continually write "We already have enough fast, insecure systems. We don't need another one". So my question is are you saying to have a random block of data that both the server and arduino have AS WELL AS a key used for the DH key exchange. This random block is used with the RTC to create a one time code like that used in Google authenticator?