diff --git a/SafeExamBrowser.Configuration.UnitTests/Cryptography/PasswordEncryptionTests.cs b/SafeExamBrowser.Configuration.UnitTests/Cryptography/PasswordEncryptionTests.cs
new file mode 100644
index 00000000..5c402178
--- /dev/null
+++ b/SafeExamBrowser.Configuration.UnitTests/Cryptography/PasswordEncryptionTests.cs
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2019 ETH Zürich, Educational Development and Technology (LET)
+ * 
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+using System.IO;
+using System.Text;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Moq;
+using SafeExamBrowser.Configuration.Cryptography;
+using SafeExamBrowser.Contracts.Configuration;
+using SafeExamBrowser.Contracts.Logging;
+
+namespace SafeExamBrowser.Configuration.UnitTests.Cryptography
+{
+	[TestClass]
+	public class PasswordEncryptionTests
+	{
+		private Mock<ILogger> logger;
+		private PasswordEncryption sut;
+
+		[TestInitialize]
+		public void Initialize()
+		{
+			logger = new Mock<ILogger>();
+			sut = new PasswordEncryption(logger.Object);
+		}
+
+		[TestMethod]
+		public void MustPerformCorrectly()
+		{
+			var password = "test1234";
+			var message = Encoding.UTF8.GetBytes("A super secret message!");
+			var saveStatus = sut.Encrypt(new MemoryStream(message), password, out var encrypted);
+			var loadStatus = sut.Decrypt(encrypted, password, out var decrypted);
+			var original = new MemoryStream(message);
+
+			decrypted.Seek(0, SeekOrigin.Begin);
+			original.Seek(0, SeekOrigin.Begin);
+
+			while (original.Position < original.Length)
+			{
+				Assert.AreEqual(original.ReadByte(), decrypted.ReadByte());
+			}
+
+			Assert.AreEqual(SaveStatus.Success, saveStatus);
+			Assert.AreEqual(LoadStatus.Success, loadStatus);
+		}
+	}
+}
diff --git a/SafeExamBrowser.Configuration.UnitTests/SafeExamBrowser.Configuration.UnitTests.csproj b/SafeExamBrowser.Configuration.UnitTests/SafeExamBrowser.Configuration.UnitTests.csproj
index 38af6872..6d7f4ce7 100644
--- a/SafeExamBrowser.Configuration.UnitTests/SafeExamBrowser.Configuration.UnitTests.csproj
+++ b/SafeExamBrowser.Configuration.UnitTests/SafeExamBrowser.Configuration.UnitTests.csproj
@@ -85,6 +85,7 @@
   <ItemGroup>
     <Compile Include="ConfigurationRepositoryTests.cs" />
     <Compile Include="Cryptography\HashAlgorithmTests.cs" />
+    <Compile Include="Cryptography\PasswordEncryptionTests.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
   </ItemGroup>
   <ItemGroup>
diff --git a/SafeExamBrowser.Configuration/Cryptography/PasswordEncryption.cs b/SafeExamBrowser.Configuration/Cryptography/PasswordEncryption.cs
index fbdc1c2a..f05082bf 100644
--- a/SafeExamBrowser.Configuration/Cryptography/PasswordEncryption.cs
+++ b/SafeExamBrowser.Configuration/Cryptography/PasswordEncryption.cs
@@ -127,7 +127,7 @@ namespace SafeExamBrowser.Configuration.Cryptography
 				var hashStream = new SubStream(data, 0, data.Length - originalHmac.Length);
 				var computedHmac = algorithm.ComputeHash(hashStream);
 
-				data.Seek(originalHmac.Length, SeekOrigin.End);
+				data.Seek(-originalHmac.Length, SeekOrigin.End);
 				data.Read(originalHmac, 0, originalHmac.Length);
 
 				return (originalHmac, computedHmac);
diff --git a/SafeExamBrowser.Configuration/Properties/AssemblyInfo.cs b/SafeExamBrowser.Configuration/Properties/AssemblyInfo.cs
index 2075433b..3c509876 100644
--- a/SafeExamBrowser.Configuration/Properties/AssemblyInfo.cs
+++ b/SafeExamBrowser.Configuration/Properties/AssemblyInfo.cs
@@ -1,4 +1,5 @@
 using System.Reflection;
+using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
 
 // General Information about an assembly is controlled through the following
@@ -14,6 +15,7 @@ using System.Runtime.InteropServices;
 // to COM components.  If you need to access a type in this assembly from
 // COM, set the ComVisible attribute to true on that type.
 [assembly: ComVisible(false)]
+[assembly: InternalsVisibleTo("SafeExamBrowser.Configuration.UnitTests")]
 
 // The following GUID is for the ID of the typelib if this project is exposed to COM
 [assembly: Guid("c388c4dd-a159-457d-af92-89f7ad185109")]
diff --git a/SafeExamBrowser.Configuration/SubStream.cs b/SafeExamBrowser.Configuration/SubStream.cs
index ee67b3a8..3cdda622 100644
--- a/SafeExamBrowser.Configuration/SubStream.cs
+++ b/SafeExamBrowser.Configuration/SubStream.cs
@@ -119,7 +119,7 @@ namespace SafeExamBrowser.Configuration
 					Position += offset;
 					break;
 				case SeekOrigin.End:
-					Position = length - offset;
+					Position = length + offset;
 					break;
 				default:
 					throw new NotImplementedException($"Seeking from position '{origin}' is not implemented!");